[olug] Building a web server for both security and performance in 2011

Lou Duchez lou at paprikash.com
Thu Sep 1 14:18:31 UTC 2011


I've been experimenting with SSL from startssl.com.  It's free, and it 
seems to work well enough so far.

Also, where my Web apps require a login / password, I try to hook them 
into Fail2Ban, so that repetitive failed logins trigger a temporary IP 
ban and an E-Mail to the admin.

> generally, yes, the big issue we ran into with selinux was having a 
> web page be able to gpg a file
>
>
> I'd add to my list run ssl - for $50 at godaddy (or less other 
> places), there's almost no reason not to
>
>
>
> -barry
>
>
>
>
> On 8/31/2011 11:26 PM, Kevin wrote:
>> On CentOS/RHEL, SELinux is actually not all that bad. Certainly on any
>> system I was hardening, I would enable it.
>>
>> On Wed, Aug 31, 2011 at 18:36, Barry Von Ahsen<barry at vonahsen.com>  
>> wrote:
>>> generally I:
>>>
>>> * don't load/remove modules I don't need
>>> * remove the dumb default .conf files my distro adds (centos/rhel)
>>> * run mod_security
>>> * run php-suhosin
>>>
>>> in theory, also run selinux/apparmor, but it's usually been more 
>>> trouble
>>> than it's worth
>>>
>>> -barry
>>>
>>>
>>>
>>>
>>> On 08/30/2011 04:51 PM, T. J. Brumfield wrote:
>>>>
>>>> I've tried to keep up on best practices over the years, but I'm always
>>>> wondering if there are tips and tricks out there that I'm not aware 
>>>> of,
>>>> especially when it comes to securing a web server.
>>>>
>>>> If you were putting together a standard for a web Linux server 
>>>> today, what
>>>> would you recommend?
>>>>
>>>> -- T. J. Brumfield
>>>> _______________________________________________
>>>> OLUG mailing list
>>>> OLUG at olug.org
>>>> https://lists.olug.org/mailman/listinfo/olug
>>>
>>> _______________________________________________
>>> OLUG mailing list
>>> OLUG at olug.org
>>> https://lists.olug.org/mailman/listinfo/olug
>>>
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug




More information about the OLUG mailing list