Date: Tue, 14 May 2002 09:29:44 +0200
From: Jens Rehsack <rehsack@liwing.de>
To: Gunnar Flygt <flygt@sr.se>
Cc: freebsd-security@freebsd.org
Subject: Re: Secure installation of Apache on 4.5
Message-ID: <3CE0BCE8.D6B258F3@liwing.de>
References: <20020514051330.B33845@sr.se>
[-- Attachment #1 --]
Gunnar Flygt wrote:
>
> What would be a secure approach to running Apache with Java-Tomcat on a
> FreeBSD 4.5 (or higher)
>
> Should I install Apache the default port way, or? And the same for the
> java parts.
I chose to patch the Makefile and the apache.sh start script (as attached).
It's not a chroot-env, but without s-bits and with a listening port higher
than 1024 - what can a user without a shell and a home-dir do? Delete its own
files? 'tar xf backup'.
With Tomcat I do not have any experience, sorry.
Jens Rehsack
> --
> __o
> regards, Gunnar ---_ \<,_
> email: flygt@sr.se ---- (_)/ (_)
--
Jens Rehsack
LiWing IT-Services
Friesenstraße 2
06112 Halle
Tel.: +49 - 3 45 - 5 17 05 91
Fax: +49 - 3 45 - 5 17 05 92
e-Mail: <rehsack@liwing.de>
http://www.liwing.de/
[-- Attachment #2 --]
#!/bin/sh
# Start/stop script that runs Apache as the unprivileged user www.

case "$1" in
start)
	# Create the files httpd writes to, restrict them to mode 600 and
	# hand them to www:www before the server is started.
	touch /var/log/httpd-access.log
	chmod 600 /var/log/httpd-access.log
	chown www:www /var/log/httpd-access.log

	touch /var/log/httpd-script.log
	chmod 600 /var/log/httpd-script.log
	chown www:www /var/log/httpd-script.log

	touch /var/log/httpd-error.log
	chmod 600 /var/log/httpd-error.log
	chown www:www /var/log/httpd-error.log

	touch /var/run/httpd.pid
	chmod 600 /var/run/httpd.pid
	chown www:www /var/run/httpd.pid

	# Start apachectl as www; -m keeps the caller's environment.
	[ -x /usr/local/sbin/apachectl ] && {
		su -m www -c \
		    '/usr/local/sbin/apachectl start > /dev/null'
		echo -n ' apache'
	}
	;;
stop)
	# Only attempt a stop when a readable pid file exists.
	[ -r /var/run/httpd.pid ] && /usr/local/sbin/apachectl stop > /dev/null && echo -n ' apache'
	;;
*)
	echo "Usage: `basename "$0"` {start|stop}" >&2
	;;
esac

exit 0
