Gentoo Forums
Easiest way to segment an existing apache server by vhost?
Philippe23
Tux's lil' helper


Joined: 20 Dec 2006
Posts: 115
Location: Rome, NY

Posted: Tue Sep 23, 2014 2:34 pm    Post subject: Easiest way to segment an existing apache server by vhost?

Looking for a path of least resistance. I have a long existing server that serves up several websites (different domains) including some HTTPS sites all from one IP.

Currently apache runs as a single user for all vhosts and there are no jails or anything else.

Most sites use PHP (WordPress, Wikis, even some custom code), some use external programs like imagemagick, gd, etc.

I trust everyone who has accounts on the site, but recently an external party figured out how to trick a script into writing new files into directories writable by the apache process. I'd like to make it so that in the future if a vulnerability is found in one vhost, that damage is contained to that single vhost.

The hardware is lightweight, a quad-core Phenom II, 4GB of RAM and a single hard-drive.

What's the easiest method to segment these vhosts from each other? Preferably one that doesn't need more resources than I have and one that isn't horribly oppressive (requiring fidgeting to get access to things like imagemagick or "sendmail").

Thanks a ton!
py-ro
Veteran


Joined: 24 Sep 2002
Posts: 1733
Location: St. Wendel

Posted: Tue Sep 23, 2014 2:43 pm

Try mpm_itk, should do what you want, with least needed editing of your config.

There even is a USE-Flag for it.

Bye
Py
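An added example, not from either poster: mpm-itk gives each vhost its own account through the AssignUserID directive, and this Python check flags vhosts in a config that have no account of their own or share one. The sample config, host names and account names are constructed, and the list of server-wide accounts is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample config; host names and account names are hypothetical.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName blog.example.org
    AssignUserID blog blog
</VirtualHost>
<VirtualHost *:80>
    ServerName wiki.example.org
    AssignUserID blog blog
</VirtualHost>
<VirtualHost *:443>
    ServerName shop.example.org
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)


def directive(body, name):
    """Return the arguments of the first uncommented `name` directive, or None."""
    m = re.search(rf"^[ \t]*{name}[ \t]+(.+?)[ \t]*$", body, re.M | re.I)
    return m.group(1).split() if m else None


def audit_vhosts(conf_text, shared_accounts=("root", "apache", "www-data")):
    """List isolation problems; shared_accounts is an assumed set of server-wide users."""
    findings, owners = [], defaultdict(list)
    for body in VHOST_RE.findall(conf_text):
        name = (directive(body, "ServerName") or ["<unnamed>"])[0]
        ids = directive(body, "AssignUserID")
        if not ids:
            findings.append(f"{name}: no AssignUserID, runs as the server-wide user")
        elif ids[0] in shared_accounts:
            findings.append(f"{name}: AssignUserID uses shared account {ids[0]}")
        else:
            owners[ids[0]].append(name)
    # One account serving several vhosts means a compromise of one reaches the others.
    for user, names in sorted(owners.items()):
        if len(names) > 1:
            findings.append(f"user {user} is shared by: {', '.join(names)}")
    return findings


if __name__ == "__main__":
    for line in audit_vhosts(SAMPLE_CONF):
        print(line)
```

Each vhost's files also need to be owned by its account and not writable by the others for the separation to hold.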
Philippe23
Tux's lil' helper


Joined: 20 Dec 2006
Posts: 115
Location: Rome, NY

Posted: Sun Oct 05, 2014 7:53 pm

By the way, I switched over to ITK this weekend. Thanks for the suggestion py-ro!
All times are GMT