Linux Web Server Security

James D. Keeline <James@Keeline.com>
http://ITeachPHP.com/

Security has always been a concern for System Administrators. As the numbers and sources of threats have increased, greater emphasis is being placed on security issues. This class will focus on security issues which affect the server, specifically a server running the Red Hat Linux Operating System and Apache web server software. We will also discuss several of the recent attacks on Microsoft servers (CodeRed, Nimda, SQL Server Worm) and note how they affect a Linux server.

Since Linux is essentially self-documenting and there are many good tutorial resources on the Internet, no specific textbook will be used in this class. However, if you would like to purchase a reference, some good ones are:

Some of the web resources we will use are:

Red Hat Linux:
  http://www.redhat.com/
  http://fedora.redhat.com/
Apache Web Server:
  http://en.tldp.org/HOWTO/Apache-Overview-HOWTO.html
Vi Editor:
  http://www.unb.ca/documentation/UNIX/tips/vim/
Virtual Hosting:
  http://httpd.apache.org/docs/vhosts/
Bash Programming:
  http://en.tldp.org/LDP/abs/html/
Linux Tutorials:
  http://en.tldp.org/
  http://www.yolinux.com/
Certification:
  http://www.brainbench.com/
  http://www.lpi.org/
  http://www.redhat.com/training/rhce/courses/
Security Sites:
  http://www.LinuxSecurity.com/
  http://www.sans.org/top20/top20.pdf
  http://www.cert.org/
  http://www.securityfocus.com/
  http://trinux.sourceforge.net/
  http://www.grc.com/
  http://www.chkrootkit.org/
  http://www.nsa.gov/selinux/








Planned Topics (subject to change depending on pace of class):

Day 1
  1. Why would anyone want to hack my computer?
  2. Basic Security Philosophy
  3. Security Considerations for Installation
  4. Red Hat Network (up2date)
  5. Manual installation of software from source code and RPM

Day 2
  1. Configuration of required server software (sshd)
  2. Limit root access (su, sudo, suexec)
  3. Use a firewall to close all but essential ports (ipchains, iptables, lokkit, shorewall)

Day 3
  1. Monitor filesystem (tripwire)
  2. Intrusion Detection Systems (snort)
  3. Security audit software and websites