[olug] Building a web server for both security and performance in 2011
Barry Von Ahsen
barry at vonahsen.com
Thu Sep 1 13:16:55 UTC 2011
generally, yes, the big issue we ran into with selinux was having a web
page be able to gpg a file
I'd add to my list run ssl - for $50 at godaddy (or less other places),
there's almost no reason not to
-barry
On 8/31/2011 11:26 PM, Kevin wrote:
> On CentOS/RHEL, SELinux is actually not all that bad. Certainly on any
> system I was hardening, I would enable it.
>
> On Wed, Aug 31, 2011 at 18:36, Barry Von Ahsen<barry at vonahsen.com> wrote:
>> generally I:
>>
>> * don't load/remove modules I don't need
>> * remove the dumb default .conf files my distro adds (centos/rhel)
>> * run mod_security
>> * run php-suhosin
>>
>> in theory, also run selinux/apparmor, but it's usually been more trouble
>> than it's worth
>>
>> -barry
>>
>>
>>
>>
>> On 08/30/2011 04:51 PM, T. J. Brumfield wrote:
>>>
>>> I've tried to keep up on best practices over the years, but I'm always
>>> wondering if there are tips and tricks out there that I'm not aware of,
>>> especially when it comes to securing a web server.
>>>
>>> If you were putting together a standard for a web Linux server today, what
>>> would you recommend?
>>>
>>> -- T. J. Brumfield
>>> _______________________________________________
>>> OLUG mailing list
>>> OLUG at olug.org
>>> https://lists.olug.org/mailman/listinfo/olug
>>
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
>>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
More information about the OLUG
mailing list