Securing a linux webserver for public access


Question

I'd like to set up a cheap Linux box as a web server to host a variety of web technologies (PHP & Java EE come to mind, but I'd like to experiment with Ruby or Python in the future as well).

I'm fairly versed in setting up Tomcat to run on Linux for serving up Java EE applications, but I'd like to be able to open this server up, even just so I can create some tools I can use while I am working in the office. All the experience I've had with configuring Java EE sites has all been for intranet applications where we were told not to focus on securing the pages for external users.

What is your advice on setting up a personal Linux web server in a secure enough way to open it up for external traffic?

Recommended answer

This article has some of the best ways to lock things down:

http://www.petefreitag.com/item/505.cfm

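Some highlights:

  • Make sure no one can browse directories
  • Make sure only root has write privileges to everything, and only root has read privileges to certain config files
  • Run mod_security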

The article also takes some pointers from this book:

Apache Security (O'Reilly Press)

As far as distros, I've run Debian and Ubuntu, but it just depends on how much you want to do. I ran Debian with no X and just ssh'd into it whenever I needed anything. That is a simple way to keep overhead down. Or Ubuntu has some nice GUI things that make it easy to control Apache/MySQL/PHP.
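
An added example, not part of the original answer or the linked article: a Python audit for the first two highlights above, flagging `Options` lines that enable directory listings and files that are not owned by the expected user or are writable by group/other. The function names, the sample tree and its file names are constructed for illustration.

```python
import os
import re
import stat
import tempfile

def indexes_enabled(line):
    """True if an Apache Options line turns directory listings on."""
    m = re.match(r"\s*Options\s+(.*)", line, re.IGNORECASE)
    tokens = {t.lower() for t in m.group(1).split()} if m else set()
    # "All" enables every option except MultiViews, so it includes Indexes.
    return bool(tokens & {"indexes", "+indexes", "all"})

def audit(root, owner_uid=0):
    """Return sorted (relative path, problem) findings for a config or docroot tree."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced on Linux
            if st.st_uid != owner_uid:
                findings.append((rel, "not owned by expected uid"))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((rel, "writable by group or other"))
            if stat.S_ISREG(st.st_mode) and (name.endswith(".conf") or name == ".htaccess"):
                with open(path, errors="replace") as fh:
                    for n, line in enumerate(fh, 1):
                        if indexes_enabled(line):
                            findings.append((rel, f"line {n}: directory listing enabled"))
    return sorted(findings)

def build_sample():
    root = tempfile.mkdtemp(prefix="apache-audit-")
    samples = {  # constructed sample input, not taken from the page
        "apache2.conf": ("<Directory /var/www/>\nOptions Indexes FollowSymLinks\n</Directory>\n", 0o644),
        "site.conf": ("# Options Indexes\nOptions -Indexes +FollowSymLinks\n", 0o644),
        "upload.conf": ("Options None\n", 0o666),
    }
    for name, (text, mode) in samples.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for rel, problem in audit(build_sample(), owner_uid=os.getuid()):
        print(f"{rel}: {problem}")
```

On a Debian or Ubuntu server, run `audit("/etc/apache2")` as root with the default `owner_uid=0`; the check for root-only read access on specific config files is not covered here.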
