Date: Tue, 14 May 2002 09:29:44 +0200 From: Jens Rehsack <rehsack@liwing.de> To: Gunnar Flygt <flygt@sr.se> Cc: freebsd-security@freebsd.org Subject: Re: Secure installation of Apache on 4.5 Message-ID: <3CE0BCE8.D6B258F3@liwing.de> References: <20020514051330.B33845@sr.se>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --------------00EC553232E3C84D231364F4 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Gunnar Flygt wrote: > > What would be an secure approach to running Apache with Java-Tomcat on a > FreeBSD 4.5 (or higher) > > Should I install Apache the default port way, or? And the same for the > java parts. I choose patch the makefile and the apache.sh start script (as attached). It's not a chroot-env, but without s-bits and a listening port higher 1024 - what can a user without a shell and a home-dir do? Delete it's owned files? 'tar xf backup'. With Tomcat I do not have any expirience, sorry. Jens Rehsack > -- > __o > regards, Gunnar ---_ \<,_ > email: flygt@sr.se ---- (_)/ (_) > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- L i W W W i Jens Rehsack L W W W L i W W W W i nnn gggg LiWing IT-Services L i W W W W i n n g g LLLL i W W i n n g g Friesenstraße 2 gggg 06112 Halle g g g Tel.: +49 - 3 45 - 5 17 05 91 ggg e-Mail: <rehsack@liwing.de> Fax: +49 - 3 45 - 5 17 05 92 http://www.liwing.de/ --------------00EC553232E3C84D231364F4 Content-Type: application/x-sh; name="apache.sh" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="apache.sh" #!/bin/sh case "$1" in start) touch /var/log/httpd-access.log chmod 600 /var/log/httpd-access.log chown www:www /var/log/httpd-access.log touch /var/log/httpd-script.log chmod 600 /var/log/httpd-script.log chown www:www /var/log/httpd-script.log touch /var/log/httpd-error.log chmod 600 /var/log/httpd-error.log chown www:www /var/log/httpd-error.log touch /var/run/httpd.pid chmod 600 /var/run/httpd.pid chown www:www /var/run/httpd.pid [ -x /usr/local/sbin/apachectl ] && { su -m www -c \ '/usr/local/sbin/apachectl start > /dev/null' echo -n ' apache' } ;; stop) [ -r /var/run/httpd.pid ] && /usr/local/sbin/apachectl stop > /dev/null && echo -n ' apache' ;; *) echo "Usage: `basename $0` {start|stop}" >&2 ;; esac exit 0 --------------00EC553232E3C84D231364F4-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3CE0BCE8.D6B258F3>