From: "Tamouh H."
To: "'FreeBSD'"
Date: Wed, 14 Dec 2005 23:53:06 -0500
Subject: RE: Insecure Web App Hosting

On 12/15/05, Mike Esquardez wrote:
> > i have to install a server that will host a "test drive" of a web app
> > on the internet. from my initial look at the app, it looks like it will
> > be a target to be exploited. i am not involved with the code so fixing
> > it is not an option. what i would like to try and do is host it in a
> > manner where i can minimize the risk and damage. it will only have
> > sample data and it doesn't have to be "live". some ideas i have-
> >
> > automate disk imaging or rsync.
> > read only filesystem.
> > integrity tool.
> > live cd version of the app.
> >
> > any other ideas?????
>

If this Web App depends on Apache/PHP/MySQL then you'll need a module like mod_security for Apache and use rules from gotroot.com to secure against SQL injections...etc.

I'd actually do the following:

1) Secure your Kernel
2) IPFW and close the server down except to services you need
3) run rkhunter as cron to scan against problems
4) run the mod_security for Apache and make sure your PHP/Apache processes are configured properly.
5) Lastly, do backups ;-)

Tamouh
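
Item 2 of the reply (IPFW, with the server closed down except for the services you need) could take the form of the default-deny rule file generated below. This is an added example, not part of the original message; the interface `em0`, the admin address `192.0.2.10`, the port choices and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints an ipfw rule file for a host that only serves HTTP.
# Assumed values (not from the post): interface em0, admin host 192.0.2.10,
# SSH limited to that host, outbound traffic limited to DNS lookups.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# web_only_rules IFACE ADMIN_IP: write the rule file to stdout, or fail
# without output when an argument is malformed.
web_only_rules() {
    iface=$1 admin=$2
    case "$iface" in
        ""|*[!a-z0-9]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    valid_ipv4 "$admin" || { echo "bad admin address: $admin" >&2; return 1; }
    cat <<EOF
add 00100 allow ip from any to any via lo0
add 00200 check-state
add 00300 allow tcp from any to me 80 in via $iface setup keep-state
add 00400 allow tcp from $admin to me 22 in via $iface setup keep-state
add 00500 allow udp from me to any 53 out via $iface keep-state
add 00600 allow icmp from any to me icmptypes 3,11 in via $iface
add 65000 deny log ip from any to any
EOF
}

# Print the constructed example ruleset when the script is run directly.
web_only_rules em0 192.0.2.10
```

Saved to a file, the rules can be syntax-checked with `ipfw -n` and the file's absolute path before loading them with `ipfw -q`. Because the host may not open outbound TCP connections, a compromised web app cannot fetch tools or connect back out.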