Securing LAMP
| What | Workshop |
|---|---|
| When | May 24, 2006 from 20:00 to 23:00 |
| Where | ASCII |
| Contact Email | decoy@lo-res.org |
LAMP, which stands for Linux, Apache, MySQL and PHP, is the choice of the day for self-run, low-budget and low-maintenance web-content platforms. The setup is so widespread, and in many cases so haphazardly operated, that it carries many security risks, which can lead to defaced web pages and even compromised servers. We want to take a critical look at how to make such a platform more secure.
These days there are many "out of the box" LAMP setups which allow even an inexperienced operator to set up a web-content platform. What many people lack, though, is a basic understanding of Linux/UNIX system security. There are many ways to make a LAMP setup more secure, both integral to the applications at hand and external in terms of system security. We want to introduce you to a few methods for making your latest self-contained web platform safer from outside interference.
Topics covered:
- System Security: Permissions, Users and Jails
- Securing Apache: Access restrictions for webservers
- Safer MySQL: How to make your MySQL database less vulnerable
- Securing PHP: Options to keep PHP in check for damage control
Prerequisites: To understand this course you should be at least cursorily familiar with some kind of LAMP setup, for example a CMS like Drupal or Midgard. A basic working knowledge of the Linux/UNIX permission structure and system privileges is also assumed. If all of this means nothing to you, you can of course still follow the course out of pure interest.
Links:
- Step by Step Apache Security
- Step by Step MySQL Security
- Step by Step PHP Security
- mod-security documentation
- mod-security presentation (PDF)
- Securing Apache (PDF)