Date: Wed, 14 Dec 2005 23:53:06 -0500
From: "Tamouh H." <hakmi@rogers.com>
To: "'FreeBSD'" <freebsd-questions@freebsd.org>
Subject: RE: Insecure Web App Hosting
Message-ID: <20051215045249.C993543D53@mx1.FreeBSD.org>
In-Reply-To: <e572718c0512141631h102c2620kb51ac8954894b21f@mail.gmail.com>

On 12/15/05, Mike Esquardez <mikeala3@hotmail.com> wrote:
> > i have to install a server that will host a "test drive" of a web app
> > on the internet. from my initial look at the app, it looks like it will
> > be a target to be exploited. i am not involved with the code so fixing
> > it is not an option. what i would like to try and do is host it in a
> > manner where i can minimize the risk and damage. it will only have
> > sample data and it doesn't have to be "live". some ideas i have-
> >
> > automate disk imaging or rsync.
> > read only filesystem.
> > integrity tool.
> > live cd version of the app.
> >
> > any other ideas?????
>

If this Web App depends on Apache/PHP/MySQL then you'll need a module like
mod_security for Apache and use rules from gotroot.com to secure against SQL
injections, etc.

I'd actually do the following:

1) Secure your Kernel
2) IPFW and close the server down except to services you need
3) run rkhunter as cron to scan against problems
4) run the mod_security for Apache and make sure your PHP/Apache processes
   are configured properly.
5) Lastly, do backups ;-)

Tamouh
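
Added example, not part of the original message: one way to carry out step 2 is a default-deny IPFW ruleset that opens only the web ports to the world and SSH to an admin network. The function name `ipfw_rules`, the SSH port 22 rule, the rule numbers, and the sample network 192.0.2.0/24 are assumptions chosen for illustration; the function only prints the `ipfw` commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: emit a default-deny IPFW ruleset for a single web host.
# Nothing here is applied; the commands are printed for review.

# Accept only decimal TCP port numbers in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# usage: ipfw_rules ADMIN_NET PORT [PORT...]
#   ADMIN_NET  source network allowed to reach SSH (assumed to be port 22)
#   PORT       public TCP service ports, e.g. 80 443
ipfw_rules() {
    [ "$#" -ge 2 ] || return 2
    admin_net=$1
    shift
    # Validate every port before printing anything, so a bad argument
    # can never yield a half-written ruleset.
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo "ipfw -q -f flush"
    # Loopback traffic is allowed; loopback addresses on the wire are not.
    echo "ipfw -q add 100 allow ip from any to any via lo0"
    echo "ipfw -q add 200 deny ip from any to 127.0.0.0/8"
    echo "ipfw -q add 300 deny ip from 127.0.0.0/8 to any"
    # Packets belonging to connections accepted below match here.
    echo "ipfw -q add 400 check-state"
    echo "ipfw -q add 500 allow tcp from $admin_net to me 22 in setup keep-state"
    n=1000
    for p in "$@"; do
        echo "ipfw -q add $n allow tcp from any to me $p in setup keep-state"
        n=$((n + 10))
    done
    # Everything else, including new outbound connections, is logged and dropped.
    echo "ipfw -q add 65000 deny log ip from any to any"
}

# Constructed sample invocation: HTTP and HTTPS public, SSH from 192.0.2.0/24.
ipfw_rules 192.0.2.0/24 80 443
```

Because the final rule also drops connections the host itself initiates, name resolution and package updates from the box will fail until rules for them are added; for a throwaway demo host that restriction limits what a compromised web process can reach.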