[CentOS] Apache Security

Jim Perrin jperrin at gmail.com
Sat Jul 8 13:14:53 UTC 2006


On 6/22/06, Karanbir Singh <mail-lists at karan.org> wrote:

> sounds like scripts and bad code on the web-doc-root being exploited.
>
> consder enabling SELinux. this is the sort of thing that selinux was
> meant to prevent, and does a very good job of it.

Completely agreed.

The other thing I would add is mod_security from the repository at
centos.karan.org. With a properly updated mod_security ruleset, and
selinux running there's almost nothing that can get through. SElinux
will still allow things to occur that match the allowable apache
behavior even if it's malicious (Think standard sql injection). But
with selinux watching the server, and mod_security filtering the
applications, you'll be nearly as secure as possible.


-- 
This message has been double ROT13 encoded for security. Anyone other
than the intended recipient attempting to decode this message will be
in violation of the DMCA



More information about the CentOS mailing list