From owner-freebsd-security Tue May 14 0:36:45 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mail.liwing.de (mail.liwing.de [213.70.188.162])
    by hub.freebsd.org (Postfix) with ESMTP id 98A9237B404
    for ; Tue, 14 May 2002 00:36:38 -0700 (PDT)
Received: (qmail 13437 invoked from network); 14 May 2002 07:45:32 -0000
Received: from stingray.liwing.de (HELO liwing.de) ([213.70.188.164])
    (envelope-sender )
    by mail.liwing.de (qmail-ldap-1.03) with SMTP
    for ; 14 May 2002 07:45:32 -0000
Message-ID: <3CE0BCE8.D6B258F3@liwing.de>
Date: Tue, 14 May 2002 09:29:44 +0200
From: Jens Rehsack
Organization: LiWing IT-Services
X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Gunnar Flygt
Cc: freebsd-security@freebsd.org
Subject: Re: Secure installation of Apache on 4.5
References: <20020514051330.B33845@sr.se>
Content-Type: multipart/mixed; boundary="------------00EC553232E3C84D231364F4"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

This is a multi-part message in MIME format.
--------------00EC553232E3C84D231364F4
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Gunnar Flygt wrote:
>
> What would be a secure approach to running Apache with Java-Tomcat on a
> FreeBSD 4.5 (or higher)
>
> Should I install Apache the default port way, or? And the same for the
> java parts.

I choose to patch the makefile and the apache.sh start script (as attached).
It's not a chroot-env, but without s-bits and a listening port higher than
1024 - what can a user without a shell and a home-dir do? Delete its owned
files? 'tar xf backup'.

With Tomcat I do not have any experience, sorry.

Jens Rehsack

> --
>                               __o
> regards, Gunnar            ---_ \<,_
> email: flygt@sr.se        ---- (_)/ (_)
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Jens Rehsack
LiWing IT-Services
Friesenstraße 2
06112 Halle
Tel.: +49 - 3 45 - 5 17 05 91
Fax: +49 - 3 45 - 5 17 05 92
e-Mail:
http://www.liwing.de/

--------------00EC553232E3C84D231364F4
Content-Type: application/x-sh; name="apache.sh"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="apache.sh"

#!/bin/sh

case "$1" in
start)
    # Pre-create the log and pid files as root and hand them to www,
    # so that the server, running as www, can write them.
    touch /var/log/httpd-access.log
    chmod 600 /var/log/httpd-access.log
    chown www:www /var/log/httpd-access.log
    touch /var/log/httpd-script.log
    chmod 600 /var/log/httpd-script.log
    chown www:www /var/log/httpd-script.log
    touch /var/log/httpd-error.log
    chmod 600 /var/log/httpd-error.log
    chown www:www /var/log/httpd-error.log
    touch /var/run/httpd.pid
    chmod 600 /var/run/httpd.pid
    chown www:www /var/run/httpd.pid
    # Start the server as www instead of root.
    [ -x /usr/local/sbin/apachectl ] && {
        su -m www -c \
            '/usr/local/sbin/apachectl start > /dev/null'
        echo -n ' apache'
    }
    ;;
stop)
    [ -r /var/run/httpd.pid ] && /usr/local/sbin/apachectl stop > /dev/null && echo -n ' apache'
    ;;
*)
    echo "Usage: `basename $0` {start|stop}" >&2
    ;;
esac

exit 0

--------------00EC553232E3C84D231364F4--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message