
Quick Guide to Securing a Lamp Server

Filed under
Howtos

In the last few years the price of dedicated servers has come down and more people are using them for their sites, game servers, or small hosting companies. With that comes, as I discussed in my last article, a wave of inexperienced admins. Many of the people I have spoken to are intimidated by the Linux shell and try to administer their server entirely from the control panel.
This short guide collects a few copy-and-paste walkthroughs you can use to help secure your server. They should work with any control panel; the mod_security update script, however, is for Apache 2 only. Using these tools together with basic security practices will help you keep your server secure and free of hackers, spammers, and other annoyances.

Using Linux as a personal desktop helps a lot as well, because it gets you used to the command line. The other extremely valuable tool is Google. I would probably be nowhere without it: you can look things up as you go and find an answer to almost any question, and there are plenty of walkthroughs just like this one. I am just putting the basic ones together in one place.

This is not a complete guide, but those who are less experienced should be able to follow these walkthroughs and end up with a server that is more secure than it was before.
First, install APF, BFD, and DDoS Deflate. APF (Advanced Policy Firewall) is an iptables front end; BFD (Brute Force Detection) scans the authentication logs and uses APF to ban IPs that keep failing logins; DDoS Deflate counts open connections per IP with netstat and bans any IP that goes over a threshold. Complete walkthrough HERE.
Note: DDoS Deflate will not work on Debian unless you disable IPv6.

Next, install mod_security using the simple guide from eth0.us; the guide can be found HERE.

After you have installed mod_security, make a directory in /etc called modsecurity and use my update script, found HERE (Apache 2 only).
The script fetches the latest rule files from gotroot.com. Once you have them, put one Include line per rule file at the bottom of the mod_security configuration in httpd.conf:
Include /etc/modsecurity/apache2/rulename.conf
I suggest using all of them except rules.conf, which gives lots of false positives.
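As an added example (not the original page's configuration and not the output of the update script), this is what the end of the mod_security section of httpd.conf could look like, written with ModSecurity 2.x directive names: the Include lines from above, the audit log switched on so there is something to watch, and one noisy rule silenced by its id rather than by dropping a whole file. The file names sql.conf and xss.conf and the rule id 900001 are placeholders. If your install is the older 1.x line, the directives are named differently (SecFilterEngine and friends), so check the version before pasting.

```apache
<IfModule security2_module>
    # Start in DetectionOnly: rules are evaluated and logged but nothing is
    # blocked, so you can watch the audit log for false positives for a few
    # days before changing this to On.
    SecRuleEngine DetectionOnly
    SecRequestBodyAccess On

    # Audit log: record only transactions that triggered a rule or ended in
    # an error status, all in one file (Serial format), with parts A (summary),
    # B (request headers), H (rule messages) and Z (end marker).
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    SecAuditLogType Serial
    SecAuditLogParts ABHZ
    SecAuditLog /var/log/apache2/modsec_audit.log

    # One Include per rule file fetched by the update script (names assumed).
    # rules.conf is deliberately left out because of its false positives.
    Include /etc/modsecurity/apache2/sql.conf
    Include /etc/modsecurity/apache2/xss.conf

    # Silence a single noisy rule by id instead of discarding the whole file.
    # 900001 is a placeholder: take the real id from the [id "..."] field of
    # the audit log entry. This line must come after the Include that defines
    # the rule, otherwise there is nothing yet to remove.
    SecRuleRemoveById 900001
</IfModule>
```

Once the audit log has stayed quiet on your own legitimate traffic, switch SecRuleEngine to On; until then the log shows what would have been blocked without actually blocking it.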

Now, if you have shell users, or are running Red Hat, Fedora, or Debian, you most likely need to update your kernel: a local user who can run commands can use an unpatched kernel privilege-escalation bug to get root, so a stale kernel is not something to leave alone. This is not as hard as you would think. With the copy-and-paste guide I made, copying and pasting is all you have to do, the same as with the other tutorials.
The guide can be found HERE. I will be making one for Debian soon, but in the meantime you can use any basic Debian kernel how-to and patch the kernel the same way as in this one.

Once mod_security is installed, keep an eye on the audit log to make sure it is not producing false positives or blocking legitimate web apps. With the ruleset and rules you have included it should not, unless someone is running some oddball web app. A rule that fires over and over on the same page from several different visitors is the usual sign of a false positive; a single hit with an obvious attack string in the request is the rules doing their job.
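Reading the audit log by hand gets old fast. The script below is an added example (mine, not the author's update script) that summarises a ModSecurity 2.x audit log in the Serial format: for every logged transaction it pulls out the rule id, the request path and the client IP, then counts how often each combination occurred, most frequent first. The sample log it runs against is constructed, with made-up rule ids and RFC 5737 test addresses; nothing in it comes from a real server. It only needs awk, sort and uniq.

```shell
#!/bin/sh
# Summarise a ModSecurity 2.x serial audit log (SecAuditLogType Serial).
# For every transaction, emit one line per rule that fired:
#   "<rule id> <request path> <client ip>"
# then count identical lines and sort, most frequent first. A rule id that
# keeps hitting one legitimate page from many different clients is the
# pattern to examine as a probable false positive.
summarize_audit_log() {
    awk '
    # Part boundaries look like "--<txid>-<LETTER>--"; the letter names the part.
    /^--[^-]+-[A-Z]--$/ {
        part = substr($0, length($0) - 2, 1)
        if (part == "A") { uri = "-"; ip = "-"; nids = 0; seen_req = 0 }
        # Part Z closes the transaction: print one line per rule that fired.
        if (part == "Z") { for (i = 1; i <= nids; i++) print ids[i], uri, ip }
        next
    }
    # Part A: "[timestamp zone] txid client-ip client-port server-ip server-port"
    part == "A" && NF >= 4 && ip == "-" { ip = $4 }
    # Part B: the first line is the request line; keep the path, drop the query.
    part == "B" && !seen_req && NF >= 2 { uri = $2; sub(/\?.*/, "", uri); seen_req = 1 }
    # Part H: every "Message:" line carries the rule id as [id "NNNNNN"].
    part == "H" && /^Message:/ && match($0, /\[id "[0-9]+"\]/) {
        ids[++nids] = substr($0, RSTART + 5, RLENGTH - 7)
    }
    ' "$1" | sort | uniq -c | sort -rn
}

# Constructed sample log (made-up rule ids, RFC 5737 addresses) written to a
# temp file; prints the file name so callers can pass it to the function.
make_sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
--1a2b3c4d-A--
[18/Jul/2006:10:00:01 +0000] 1a2b3c4d 203.0.113.5 54321 198.51.100.10 80
--1a2b3c4d-B--
POST /forum/post.php?t=42 HTTP/1.1
Host: www.example.com

--1a2b3c4d-H--
Message: Access denied with code 403 (phase 2). Pattern match "(?i:select.+from)" at ARGS:message. [file "/etc/modsecurity/apache2/sql.conf"] [line "8"] [id "900001"] [msg "SQL injection attempt"]
Action: Intercepted (phase 2)

--1a2b3c4d-Z--
--2b3c4d5e-A--
[18/Jul/2006:10:01:12 +0000] 2b3c4d5e 203.0.113.7 40022 198.51.100.10 80
--2b3c4d5e-B--
POST /forum/post.php?t=42 HTTP/1.1
Host: www.example.com

--2b3c4d5e-H--
Message: Access denied with code 403 (phase 2). Pattern match "(?i:select.+from)" at ARGS:message. [file "/etc/modsecurity/apache2/sql.conf"] [line "8"] [id "900001"] [msg "SQL injection attempt"]
Action: Intercepted (phase 2)

--2b3c4d5e-Z--
--3c4d5e6f-A--
[18/Jul/2006:10:02:30 +0000] 3c4d5e6f 203.0.113.5 54330 198.51.100.10 80
--3c4d5e6f-B--
POST /forum/post.php?t=43 HTTP/1.1
Host: www.example.com

--3c4d5e6f-H--
Message: Access denied with code 403 (phase 2). Pattern match "(?i:select.+from)" at ARGS:message. [file "/etc/modsecurity/apache2/sql.conf"] [line "8"] [id "900001"] [msg "SQL injection attempt"]
Action: Intercepted (phase 2)

--3c4d5e6f-Z--
--5e6f7a8b-A--
[18/Jul/2006:10:03:40 +0000] 5e6f7a8b 198.51.100.23 40111 198.51.100.10 80
--5e6f7a8b-B--
GET /index.php?page=../../../etc/passwd HTTP/1.1
Host: www.example.com

--5e6f7a8b-H--
Message: Access denied with code 403 (phase 2). Pattern match "\.\./" at ARGS:page. [file "/etc/modsecurity/apache2/rules.conf"] [line "12"] [id "900002"] [msg "Path traversal"]
Message: Warning. Pattern match "etc/passwd" at ARGS:page. [file "/etc/modsecurity/apache2/rules.conf"] [line "31"] [id "900003"] [msg "System file access"]
Action: Intercepted (phase 2)

--5e6f7a8b-Z--
EOF
    printf '%s\n' "$f"
}

SAMPLE_LOG=$(make_sample_log)
summarize_audit_log "$SAMPLE_LOG"
rm -f "$SAMPLE_LOG"
```

Against a real server run it as summarize_audit_log /var/log/apache2/modsec_audit.log, or whatever path you set with SecAuditLog. In the sample, rule 900001 hitting /forum/post.php from two different visitors who were just posting text containing "select ... from" is the kind of line worth a closer look; the two hits on /index.php with ../../etc/passwd in the query are the rules doing their job.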
None of these tools will make your server totally secure. That takes basic security practices such as using strong passwords, not reusing the same password everywhere, and keeping up with the latest exploits and hacking methods.

If you ever get hacked, don't go ranting about how you are going to prosecute so-and-so. Go find out how they did it, how they got in, and what you can do to prevent it happening again. You will most likely never track down the attackers, and the FBI most likely will not care, so secure your system and make sure it does not happen again. As I have explained before, defacers can actually be helpful to admins. That's about it; good luck and stay on your toes.
