Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Server firewall rules questions, ipv4, general sec
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
faemin
n00b
n00b


Joined: 16 Oct 2012
Posts: 22
PostPosted: Sat Dec 01, 2012 6:11 am    Post subject: Server firewall rules questions, ipv4, general sec Reply with quote
...

Last edited by faemin on Sun Dec 02, 2012 9:43 pm; edited 2 times in total
Back to top
View user's profile Send private message
phajdan.jr
Retired Dev
Retired Dev


Joined: 23 Mar 2006
Posts: 1777
Location: Poland
PostPosted: Sun Dec 02, 2012 5:52 am    Post subject: Re: Server Security, networking, ids--numerous question back Reply with quote
faemin wrote:
There are numerous web applications. These are my highest security concern. we have wsgi and also php, and now another python server. I can't seem to get the wsgi app to run as another user--it seems that is only possible when apache is running as root?!


Oh, man, these can get really bad. Try to isolate them as much as possible, from each other and from the underlying system. To change uids you need root privileges. As long as they are dropped before processing untrusted data, it's OK (note: I'm not an expert on particular example of apache; this is just a general idea).

faemin wrote:
Finally, I will likely begin to have untrusted users having shell access.


Seriously consider grsecurity then (part of hardened-sources), including things like Trusted Path Execution and other hardening features there like PaX.

faemin wrote:
PPS What is the best console based log analyzer? I am using logcheck, and it never detects anything!


A login failure should appear in logcheck. Unless it's perfectly tuned for your system and unusual things never happen on your server, you should see some messages. I happen to be maintaing logcheck in Gentoo. :D Have you followed the logcheck guide at http://www.gentoo.org/doc/en/logcheck.xml ?
_________________
http://phajdan-jr.blogspot.com/
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy