[olug] Building a web server for both security and performance in 2011
Lou Duchez
lou at paprikash.com
Thu Sep 1 14:18:31 UTC 2011
I've been experimenting with SSL from startssl.com. It's free, and it
seems to work well enough so far.
Also, where my Web apps require a login / password, I try to hook them
into Fail2Ban, so that repetitive failed logins trigger a temporary IP
ban and an E-Mail to the admin.
> generally, yes, the big issue we ran into with selinux was having a
> web page be able to gpg a file
>
>
> I'd add to my list run ssl - for $50 at godaddy (or less other
> places), there's almost no reason not to
>
>
>
> -barry
>
>
>
>
> On 8/31/2011 11:26 PM, Kevin wrote:
>> On CentOS/RHEL, SELinux is actually not all that bad. Certainly on any
>> system I was hardening, I would enable it.
>>
>> On Wed, Aug 31, 2011 at 18:36, Barry Von Ahsen<barry at vonahsen.com>
>> wrote:
>>> generally I:
>>>
>>> * don't load/remove modules I don't need
>>> * remove the dumb default .conf files my distro adds (centos/rhel)
>>> * run mod_security
>>> * run php-suhosin
>>>
>>> in theory, also run selinux/apparmor, but it's usually been more
>>> trouble
>>> than it's worth
>>>
>>> -barry
>>>
>>>
>>>
>>>
>>> On 08/30/2011 04:51 PM, T. J. Brumfield wrote:
>>>>
>>>> I've tried to keep up on best practices over the years, but I'm always
>>>> wondering if there are tips and tricks out there that I'm not aware
>>>> of,
>>>> especially when it comes to securing a web server.
>>>>
>>>> If you were putting together a standard for a web Linux server
>>>> today, what
>>>> would you recommend?
>>>>
>>>> -- T. J. Brumfield
>>>> _______________________________________________
>>>> OLUG mailing list
>>>> OLUG at olug.org
>>>> https://lists.olug.org/mailman/listinfo/olug
>>>
>>> _______________________________________________
>>> OLUG mailing list
>>> OLUG at olug.org
>>> https://lists.olug.org/mailman/listinfo/olug
>>>
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
More information about the OLUG
mailing list