
RedHat, Apache & security at home....

aircooled

Lifer
OK, now that I have RedHat 7.3 installed with Apache running my private family website (using Dynamic DNS from dynu.com).... What security measures do I need to take to protect my home network....

Here's what I have now.

DSL
Linksys router with port 80 open for the apache box's IP only.
RedHat 7.3 with all the updates.
apache (version shipped with redhat).
and really nothing else but KDE and the standard apps that come with redhat.
The rest of my network is Windows.

I did not install the built-in firewall that redhat offers, because I didn't want any obstacles on my first experience with apache. I guess I could turn it on and only open port 80 for it also.

Does apache even have any security issues??? I understand it's much safer than IIS, but if there are any patches or holes that need filled I figure I'd better get on it.

Thanks!



 
There's not much more you should do/need to do. Your router only has port 80 open, and is forwarding that to your redhat machine; just make sure you keep up on apache updates and stay informed on bugs/exploits.
 
You really don't need to do anything else. I'm also pretty sure that you wouldn't need a software firewall seeing as you are behind a hardware firewall... Running Apache on RH should be stable and secure as long as you keep up with the updates as BingBongWongFooey suggested, and don't do everything as root...
 
Hehe, lots different than Windows! If your router is only forwarding port 80 to the local IP then I don't think a software firewall will be of any use.

Since I switched my home server from Windows 2000 Server to Debian I have much less to do. Maintaining it is a breeze, but now I'm bored so that gets me into different troubles. I haven't had to reboot the server in weeks, I log in once a week or so to check for updates, which is really easy with Debian - log in as root, at the command line run 'apt-get update' then 'apt-get dist-upgrade' and any updates are found, any dependencies are also updated, logout, and you're set for another week.

I originally had it set up with Red Hat 7.3, but I found that maintaining a Debian system is a lot easier. Setting it up is a little harder, but now I have a lean, mean, serving machine with no extra fat and only the stuff I really need installed. And the price is right.
 
If only port 80 is forwarded, then people can only connect to that machine on port 80.

Therefore only the linux kernel TCP/IP stack, and whatever daemon is listening on port 80 are even exposed to the world.

Funny your timing though, a recent bug in apache has been reported that will make it possible for people to DoS attack you, but not actually hack you. Don't worry though, I haven't heard of an exploit in the wild yet, and it'll be less than a week till redhat has a patch for you. Just watch the "errata" page on their site.

bart
 
For good measure, you should turn off unwanted services.

I don't know how good RedHat is in this respect these days, but when I used it last time, it ran lots of stuff by default.
If I'm not mistaken, RedHat ships with a tool called "setup" that allows you to do this easily, it also includes help about the individual services.
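
One way to see what is actually listening before deciding which services to turn off, as an added example that is not part of any post in this thread: the function below reads `netstat -ltn` output and lists TCP listeners that other machines can reach on ports other than the ones you expect. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list TCP listeners that are reachable from other hosts
# and are not on an expected port. Function names are hypothetical.

# unexpected_listeners ALLOWED
#   stdin:   output of `netstat -ltn`
#   ALLOWED: comma-separated ports that are meant to be open, e.g. "80"
#   stdout:  "port address" for every other non-loopback listener
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            la = $4
            port = la; sub(/.*:/, "", port)   # text after the last colon
            addr = substr(la, 1, length(la) - length(port) - 1)
            # Loopback-only listeners cannot be reached from the network.
            if (addr == "127.0.0.1" || addr == "::1") next
            if (!(port in ok)) print port, addr
        }
    ' | sort -n | uniq
}

# Constructed sample of `netstat -ltn` output (not taken from the thread).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

# On a live system: netstat -ltn | unexpected_listeners 80
sample_netstat | unexpected_listeners 80
```

Each line printed is a service to turn off or to block with the host firewall. The router's port forward only limits what the Internet can reach; the other machines on the home network can still connect to these ports directly.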
 