
How to make Apache more secure

 
Girish_26
Occasional Contributor

How to make Apache more secure

Does any one of you have an idea about hardening Apache and making it more secure to the outside world... Somebody told me you have a standard CIS Benchmark for this... Can you check and let me know?
Stuart Browne
Honored Contributor

Re: How to make Apache more secure

In what area are you wanting to make it more secure?

Running it in a chroot jail so there's no other filesystem info available?

Tying down the HTML documents so they are more restrictive?

Limiting access to CGIs and other dynamic content?

As for the CIS Benchmark thing, I've never heard of it.
One long-haired git at your service...
Naveej.K.A
Honored Contributor

Re: How to make Apache more secure

Girish,

Download the CIS benchmarking tool from here

http://www.cisecurity.org/sub_form.html

The Download Files Include

Apache_Benchmark_v1.0.pdf - the Benchmark document contains detailed instructions for implementing the steps necessary for CIS Level-1 and Level-2 security.

cis_score_tool_apache_v2.0.8.sh.gz - a Host-based Scoring Tool scores the security of a system against the Benchmark and creates a variance report.

Regards,
Naveej
practice makes a man perfect!!!
Stuart Browne
Honored Contributor

Re: How to make Apache more secure

Well that document sounds like simple common sense to me, but I guess I've been doing this sort of thing for a long time.

That PDF doesn't really lay down many restrictions on what Apache should have in order to pass.
One long-haired git at your service...
Jan van den Ende
Honored Contributor

Re: How to make Apache more secure

Girish,

I have of course no clue about the 'room to move' you have, but, if you still have a free choice of infrastructure, then you might consider Apache on OpenVMS.

The _ONLY_ available Apache for VMS _IS_ the Secure Web Server.

hth

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
Jerome Henry
Honored Contributor

Re: How to make Apache more secure

Hi,

Apache team guys aren't little boys, Apache is fairly safe as shipped, but it depends much on what you do with it. Have a Nessus try on it, or something more sophisticated like WebScarab if you need specific tests.

Security also relies much on what you put on your server... Could you tell us more about it? CGI? FastCGI? Perl? PHP? Static?
And so on.

Tks

Rgds

Jerome
You can lean only on what resists you...
Gary Cantwell
Honored Contributor

Re: How to make Apache more secure

Hi Girish,

Welcome to the forums!

Please take a moment to assign points to those who have assisted you:

http://forums1.itrc.hp.com/service/forums/helptips.do?#33

thanks,

Gary