Securing a Linux Web Server in 10 Steps or Less
Learn the basic approaches to securing linux based web servers without getting too technical. This talk will be useful for anyone running a linux server with full root access.
You don’t need to be an experienced system administrator to understand and use the content of this talk. But if you are a full time system admin you will get to know a structured way of looking at server security.
The following types of servers running Linux
Virtual Private Server/Dedicated Server/Rackspace Cloud Instance/Amazon EC2
Not going to help if you have your website on Shared servers like
Dreamhost/Go Daddy/Host Gator
You will learn the holistic way of securing a linux server which can serve web sites. The 80/20 rule about hardening your linux web server with minimal effort.
*In Brief This is what we will cover *
- Reducing the attack surface.
- Patching and Updates
- Securing Secure Shell Access
- Securing Apache
- Securing MySQL
- Logging and Monitoring
- Setting up a basic firewall
Not going to be covered ( Mostly because of lack of time and ROI )
- Securing Email Servers
- Setting up VPNs
- Protecting Against Denial of Service Attacks
- Setting up SELinux, GRSec, Custom Kernels
- Chroot Jails
- DNS Server
Not Going to Discuss
- Why Ubuntu and why not <INSERT FAV. DISTRO>
- Why Not BSD
- Why Apache and why not <INSERT FAV. WEB SERVER>
An open mind, a sense of humour.
Good To Have
- Bring a laptop running Ubuntu Server 10.04 LTS if you want to try out things.
- Refresh your understanding of the TCP/IP Stack
- Get a notebook to take notes
- You should have some idea what the following words mean
SSH, Apache, Web Server, Database Server, MySQL, BASH, Command Line
I freelance as a Web Security Consultant. I help companies become secure by helping them understand approaches to security for servers, web applications, user data and sometimes their network.
- Checklist/Workbook you can use.
- Download PDF from