Reply With QuoteHello, It sounds like you're on the right track here. If you don't mind reading alittle, http://www.intersectalliance.com/pro...fig/index.html This article has some up to date, good info on apache security.
System security is also important. Just make sure you're not running any services you don't absolutley need and keep your box as up-to-date as you can with the latest packages and patches.
Firewalling is good but is only one part of "security" plan. I personally like the iptables/portsentry/snort/chkrootkit configuration. There's a very good portsentry PET on this board and the rest can be found with a quick google search. Chkrootkit can also be run from cron if you wish. As far as scanners go, get yourself a copy of Nmap if you don't already have one. It's very useful for finding weaknesses in your firewall. There's alot of other technologies out there too like tripwire, LIDS, nessus, etc...It depends on how far you want take this whole "security thing" ;D
I don't know how many computers you have, but if you have a couple, maybe consider running your web server on a different box than your firewall box for added security and put the web server in a DMZ.
Bookmarks