Date:      Wed, 14 Dec 2005 23:53:06 -0500
From:      "Tamouh H." <hakmi@rogers.com>
To:        "'FreeBSD'" <freebsd-questions@freebsd.org>
Subject:   RE: Insecure Web App Hosting
Message-ID:  <20051215045249.C993543D53@mx1.FreeBSD.org>
In-Reply-To: <e572718c0512141631h102c2620kb51ac8954894b21f@mail.gmail.com>

  On 12/15/05, Mike Esquardez <mikeala3@hotmail.com> wrote:
> > i have to install a server that will host a "test drive" of a web app
> > on the internet. from my initial look at the app, it looks like it will
> > be a target to be exploited. i am not involved with the code so fixing
> > it is not an option. what i would like to try and do is host it in a
> > manner where i can minimize the risk and damage. it will only have
> > sample data and it doesn't have to be "live". some ideas i have-
> >
> > automate disk imaging or rsync.
> > read only filesystem.
> > integrity tool.
> > live cd version of the app.
> >
> > any other ideas?????
>

If this Web App depends on Apache/PHP/MySQL then you'll need a module like
mod_security for Apache and use rules from gotroot.com to secure against SQL
injections, etc.

I'd actually do the following:

1) Secure your Kernel
2) IPFW and close the server down except to services you need
3) run rkhunter as cron to scan against problems
4) run the mod_security for Apache and make sure your PHP/Apache processes are configured properly.
5) Lastly, do backups ;-)

Tamouh
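Step 2 of the reply above (IPFW, closed down except for the services you need), as an added example that is not part of the thread: a POSIX sh script that generates a default-deny IPFW ruleset for a FreeBSD host exposing only a listed set of TCP ports. The interface name `em0`, the management network `192.0.2.0/24` and the port numbers are assumptions for illustration; the script only prints the rules, which you would save to a file and load with `ipfw -q -f flush; ipfw -q /path/to/rules`.

```shell
#!/bin/sh
# Added example: build a default-deny IPFW ruleset for the "test drive" host.
# Nothing here runs ipfw itself; the output is a rules file in the format
# accepted by `ipfw -q <file>` (one command per line, without the ipfw prefix).

IFACE="${IFACE:-em0}"                   # assumed external interface
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"  # constructed management network (RFC 5737 range)

# ipfw_rules <allowed_tcp_ports...>: print one rule per line, numbered in
# steps of 100 so later insertions do not require renumbering.
ipfw_rules() {
    n=100
    echo "add $n allow ip from any to any via lo0"; n=$((n+100))
    # Loopback spoofing on the external interface is never legitimate.
    echo "add $n deny ip from any to 127.0.0.0/8"; n=$((n+100))
    echo "add $n deny ip from 127.0.0.0/8 to any"; n=$((n+100))
    # Let packets of already-tracked connections through.
    echo "add $n check-state"; n=$((n+100))
    # Outbound traffic from the host itself (updates, DNS, NTP), stateful.
    echo "add $n allow tcp from me to any out via $IFACE setup keep-state"; n=$((n+100))
    echo "add $n allow udp from me to any out via $IFACE keep-state"; n=$((n+100))
    # SSH only from the management network, not from the whole internet.
    echo "add $n allow tcp from $ADMIN_NET to me 22 in via $IFACE setup keep-state"; n=$((n+100))
    # Only the explicitly listed ports (e.g. 80 443) are reachable from anywhere.
    for p in "$@"; do
        echo "add $n allow tcp from any to me $p in via $IFACE setup keep-state"; n=$((n+100))
    done
    # Everything else is logged and dropped; the log feeds later review.
    echo "add $n deny log ip from any to any"
}

# count_open_ports <ports...>: number of ports the ruleset opens to any source,
# useful as a sanity check before loading the rules.
count_open_ports() {
    ipfw_rules "$@" | grep -c 'from any to me [0-9]* in'
}

# Example run: expose only the web app's HTTP and HTTPS ports.
ipfw_rules 80 443
```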