[olug] Building a web server for both security and performance in 2011
Kevin
sharpestmarble at gmail.com
Thu Sep 1 14:35:24 UTC 2011
Does StartSSL present a warning to unmomdified IE/Firefox/Safari/Chrome?
On Thu, Sep 1, 2011 at 09:18, Lou Duchez <lou at paprikash.com> wrote:
> I've been experimenting with SSL from startssl.com. It's free, and it seems
> to work well enough so far.
>
> Also, where my Web apps require a login / password, I try to hook them into
> Fail2Ban, so that repetitive failed logins trigger a temporary IP ban and an
> E-Mail to the admin.
>
>> generally, yes, the big issue we ran into with selinux was having a web
>> page be able to gpg a file
>>
>>
>> I'd add to my list run ssl - for $50 at godaddy (or less other places),
>> there's almost no reason not to
>>
>>
>>
>> -barry
>>
>>
>>
>>
>> On 8/31/2011 11:26 PM, Kevin wrote:
>>>
>>> On CentOS/RHEL, SELinux is actually not all that bad. Certainly on any
>>> system I was hardening, I would enable it.
>>>
>>> On Wed, Aug 31, 2011 at 18:36, Barry Von Ahsen<barry at vonahsen.com>
>>> wrote:
>>>>
>>>> generally I:
>>>>
>>>> * don't load/remove modules I don't need
>>>> * remove the dumb default .conf files my distro adds (centos/rhel)
>>>> * run mod_security
>>>> * run php-suhosin
>>>>
>>>> in theory, also run selinux/apparmor, but it's usually been more trouble
>>>> than it's worth
>>>>
>>>> -barry
>>>>
>>>>
>>>>
>>>>
>>>> On 08/30/2011 04:51 PM, T. J. Brumfield wrote:
>>>>>
>>>>> I've tried to keep up on best practices over the years, but I'm always
>>>>> wondering if there are tips and tricks out there that I'm not aware of,
>>>>> especially when it comes to securing a web server.
>>>>>
>>>>> If you were putting together a standard for a web Linux server today,
>>>>> what
>>>>> would you recommend?
>>>>>
>>>>> -- T. J. Brumfield
>>>>> _______________________________________________
>>>>> OLUG mailing list
>>>>> OLUG at olug.org
>>>>> https://lists.olug.org/mailman/listinfo/olug
>>>>
>>>> _______________________________________________
>>>> OLUG mailing list
>>>> OLUG at olug.org
>>>> https://lists.olug.org/mailman/listinfo/olug
>>>>
>>> _______________________________________________
>>> OLUG mailing list
>>> OLUG at olug.org
>>> https://lists.olug.org/mailman/listinfo/olug
>>
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>
More information about the OLUG
mailing list