Linux Web Server Security

James D. Keeline <James@Keeline.com>
http://ITeachPHP.com/

Security has always been a concern for System Administrators. As the numbers and sources of threats have increased, greater emphasis is being placed on security issues. This class will focus on security issues which affect the server, specifically a server running the Red Hat Linux Operating System and Apache web server software. We will also discuss several of the recent attacks on Microsoft servers (CodeRed, Nimda, SQL Server Worm) and note how they affect a Linux server.

Since Linux is essentially self-documenting and there are many good tutorials resources on the Internet, no specific textbook will be used in this class.  However, if you would like to purchase a reference, some good ones are:

• Apache Pocket Reference (O'Reilly, 2000)
• Linux Pocket Guide (O'Reilly, 2004)
• Linux iptables Pocket Reference (O'Reilly, 2004)
• Linux Server Hacks (O'Reilly, 2003)
• Network Security Hacks (O'Reilly, 2004)
• Linux Network Administrator's Guide (O'Reilly, 1995)
• Hacking Linux Exposed (McGraw-Hill, 2001)
• Hacking Exposed, 3rd Ed. (McGraw-Hill, 2001)
• Hacking Web Applications Exposed (McGraw-Hill, 2002)
• Real World Linux Security (Prentice Hall, 2001)
• Professional Apache (Wrox, 1999)

Some of the web resources we will use are:

Red Hat Linux:	http://www.redhat.com/
	http://fedora.redhat.com/
Apache Web Server:	http://en.tldp.org/HOWTO/Apache-Overview-HOWTO.html
Vi Editor:	http://www.unb.ca/documentation/UNIX/tips/vim/
Virtual Hosting:	http://httpd.apache.org/docs/vhosts/
Bash Programming:	http://en.tldp.org/LDP/abs/html/
Linux Tutorials:	http://en.tldp.org/
	http://www.yolinux.com/
Certification:	http://www.brainbench.com/
	http://www.lpi.org/
	http://www.redhat.com/training/rhce/courses/
Security Sites:	http://www.LinuxSecurity.com/
	http://www.sans.org/top20/top20.pdf
	http://www.cert.org/
	http://www.securityfocus.com/
	http://trinux.sourceforge.net/
	http://www.grc.com/
	http://www.chkrootkit.org/
	http://www.nsa.gov/selinux/

Planned Topics (subject to change depending on pace of class):

1. Why would anyone want to hack my computer?
2. Basic Security Philosophy
   • Install and run only the server programs you absolutely need
   • Keep all software up to date with regard to security and bug fixes
   • Configure server programs with security in mind
   • Limit and monitor root access whenever possible
   • Close all ports except those which are absolutely necessary
   • Understand and monitor logfiles
   • Monitor filesystem for evidence of intrusion
   • Monitor network traffic for evidence of hacking attempts
3. Security Considerations for Installation
4. Red Hat Network (up2date)
5. Manual installation of software from source code and RPM

1. Configuration of required server software (sshd)
2. Limit root access (su, sudo, suexec)
3. Use a firewall to close all but essential ports (ipchains, iptables, lokkit, shorewall)

1. Monitor filesystem (tripwire)
2. Intrusion Detection Systems (snort)
3. Security audit software and websites