Date:      Tue, 14 May 2002 09:29:44 +0200
From:      Jens Rehsack <rehsack@liwing.de>
To:        Gunnar Flygt <flygt@sr.se>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Secure installation of Apache on 4.5
Message-ID:  <3CE0BCE8.D6B258F3@liwing.de>
References:  <20020514051330.B33845@sr.se>

Gunnar Flygt wrote:
> 
> What would be a secure approach to running Apache with Java-Tomcat on a
> FreeBSD 4.5 (or higher)?
> 
> Should I install Apache the default port way, or? And the same for the
> java parts.
I chose to patch the makefile and the apache.sh start script (as attached).
It's not a chroot-env, but without s-bits and a listening port higher
than 1024 - what can a user without a shell and a home-dir do? Delete its
owned files? 'tar xf backup'.

With Tomcat I do not have any experience, sorry.

Jens Rehsack
> --
>                            __o
> regards, Gunnar       ---_ \<,_
> email: flygt@sr.se ---- (_)/ (_)
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
L     i  W     W     W  i                 Jens Rehsack
L        W     W     W
L     i   W   W W   W   i  nnn    gggg    LiWing IT-Services
L     i    W W   W W    i  n  n  g   g
LLLL  i     W     W     i  n  n  g   g    Friesenstraße 2
                                  gggg    06112 Halle
                                     g
                                 g   g
Tel.:  +49 - 3 45 - 5 17 05 91    ggg     e-Mail: <rehsack@liwing.de>
Fax:   +49 - 3 45 - 5 17 05 92            http://www.liwing.de/
Attachment: apache.sh

#!/bin/sh
# Start/stop wrapper that runs Apache as the unprivileged user www.

case "$1" in
start)
	# Pre-create the log and pid files as root, then hand them to www
	# with mode 600 so httpd can open them without root privileges.
	for f in /var/log/httpd-access.log /var/log/httpd-script.log \
		/var/log/httpd-error.log /var/run/httpd.pid
	do
		touch "$f"
		chmod 600 "$f"
		chown www:www "$f"
	done
	[ -x /usr/local/sbin/apachectl ] && {
		# su -m keeps the caller's environment and shell, so it works
		# although www has no login shell.
		su -m www -c \
			'/usr/local/sbin/apachectl start > /dev/null'
		echo -n ' apache'
	}
	;;
stop)
	# Stop as www too: the pid file is writable by www, so root should
	# not signal whatever PID it happens to contain.
	[ -r /var/run/httpd.pid ] &&
		su -m www -c '/usr/local/sbin/apachectl stop > /dev/null' &&
		echo -n ' apache'
	;;
*)
	echo "Usage: $(basename "$0") {start|stop}" >&2
	;;
esac

exit 0

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3CE0BCE8.D6B258F3>