HPE Community
Operating System - Linux
1828579 Members
2218 Online
109982 Solutions
New Discussion

Re: Apache User Check

 
girishb
Frequent Advisor

‎09-11-2006 09:28 AM

‎09-11-2006 09:28 AM

Apache User Check

Hi,

We have Apache Web Server installed on Redhat Enterprise Linux, the web server is hosting our company website.

I'm new to web server services. I would like to know, how do we check on what user the web server is running.

Also how do I make it secure.

Thanks in advance for the responses.

Regards
Girish

0 Kudos
8 REPLIES 8
Ivan Ferreira
Honored Contributor

‎09-11-2006 10:07 AM

‎09-11-2006 10:07 AM

Re: Apache User Check

You can use:

ps auxw |grep httpd

To identify the user that runs tha httpd process.

You can also check the httpd.conf for the options:

User
Group

Normally will be set to Apache.

There are a lot of books about how to secure apache. If you have lucky enough, you can find some ebooks for free.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Steven E. Protter
Exalted Contributor

‎09-11-2006 01:17 PM

‎09-11-2006 01:17 PM

Re: Apache User Check

Shalom Girish,

As noted apache is usually the owner of the httpd processes.

If you are thinking of changing it, note that the user id of the web server is defined in the /etc/httpd/conf/httpd.conf file.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Vitaly Karasik_1
Honored Contributor

‎09-11-2006 07:29 PM

‎09-11-2006 07:29 PM

Re: Apache User Check


And as for Apache hardening - it's not so trivial, if you take into account dynamic sites with PHP/DB and so on.
But for start:
RHEL manual http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/

and
http://xianshield.org/guides/apache2.0guide.html
0 Kudos
girishb
Frequent Advisor

‎09-12-2006 12:20 AM

‎09-12-2006 12:20 AM

Re: Apache User Check

Thanks folks for the response.

I found the webserver is being run by user "nobody" . I hope it to be safe.

0 Kudos
Matti_Kurkela
Honored Contributor

‎09-12-2006 01:10 AM

‎09-12-2006 01:10 AM

Re: Apache User Check

Some basic points to making Apache secure:

* Most of Apache's functionality is split into different modules. Usually the default configuration includes modules you don't need in your specific situation. Disable the modules you don't need: it makes your configuration simpler to handle, and reducing the amount of running code will also reduce the possibility of security holes.

* Know where Apache (and the scripts and/or CGI programs) needs to be able to write. Then keep the file permissions strict, so that Apache can write to only those files and directories it is required to write, and nowhere else.

* If you create scripts to process input from users, *always* assume the user's input is designed with a hostile intent to cause malfunctions in your script until you have checked it for correctness.
MK
0 Kudos
George Liu_4
Trusted Contributor

‎09-13-2006 06:28 AM

‎09-13-2006 06:28 AM

Re: Apache User Check

n typical operation, Apache is started by the root user, and it switches to the user defined by the User directive to serve hits.
0 Kudos
girishb
Frequent Advisor

‎09-13-2006 10:10 AM

‎09-13-2006 10:10 AM

Re: Apache User Check

Thanks all for the reply.
0 Kudos
girishb
Frequent Advisor

‎09-14-2006 08:13 AM

‎09-14-2006 08:13 AM

Re: Apache User Check

Thanks folks.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.