How to install Mod_security

Mod_security Installation There are several ways to install mod_security. Please check out the latest documentation on their website – http://www.modsecurity.org Download http://www.modsecurity.org/download/mod_security-1.7.4.tar.gz # tar xvzf mod_security-1.7.4.tar.gz # cd mod_security-1.7.4/apache2 # /usr/sbin/apxs -cia mod_security.c At the end of the compile: “[activating module `security’ in /etc/httpd/conf/httpd.conf]” Mod_Dosevasive Installation What is mod_dosevasive? “mod_dosevasive is an evasive maneuvers module for… Read More »

Set up Apache with TLS/SSL Support

If you haven’t set up Apache you should look at our article on how to install Apache for web services. Guide to Set up Apache with TLS/SSL Support # cp /var/log/boot.log /usr/share/ssl/random1 # cp /var/log/cron /usr/share/ssl/random2 # cp /var/log/dmesg /usr/share/ssl/random3 # cp /var/log/messages /usr/share/ssl/random4 # cp /var/log/secure /usr/share/ssl/random5 # cd /usr/share/ssl # openssl genrsa -rand… Read More »

Apache Installation for web services

Documentation for the Apache Install primarily comes from Downloaded httpd-2.0.48.tar.gz from one of the Apache mirror sites at http://www.apache.org. # tar xvzf httpd-2.0.48.tar.gz mod_security – Download mod_security-1.7.4.tar.gz from http://www.modsecurity.org/download/. I am going to install mod_security as a static module in Apache # tar xvzf mod_security-1.7.4.tar.gz # cd mod_security-1.7.4/apache2/ # cp mod_security.c ../../httpd-2.0.48/modules/mappers/ # tar xvzf httpd-2.0.48.tar.gz Create the… Read More »

Chroot Jailing BIND

To improve the security of Bind we are going to run it in a chroot jailed environment. What is a chroot jail? Application jails, also known as “change root jails” or “chroot jails,” are security systems that are supported by all Linux and Unix systems. It basically is an application that creates an  impenetrable barrier between the… Read More »

BIND Installation

To install BIND and verify it works, and then install it in a chroot jail for added security. We will also ensure that only ns1.isp.net will be allowed to do zone transfers. The following instructions primarily come from 6. I’m going to modify them slightly because I prefer to have the various configuration files under /etc/named. Download… Read More »

Securing MySQL

A default install of MySQL is somewhat lacking in security. To fix that we are going to do the following: Remove all default users which are installed in MySQL Create a new admin user (sqladmin) instead of using the default name of ‘root@localhost’ Disable network access to the MySQL port (3306) Log into mysql #… Read More »

MySQL Installation

Download mysql-max-4.0.17-pc-linux-i686.tar.gz from one of the mysql mirrors at http://www.mysql.com. These instructions can be found in the file called INSTALL-BINARY in the downloaded file. # groupadd -g 49 mysql # useradd -c “MySQL Server” -d /usr/mysql -g 49 -s /sbin/nologin -u 49 mysql # mv mysql-max-4.0.17-pc-linux-i686.tar.gz /usr # cd /usr/ # tar xvzf mysql-max-4.0.17-pc-linux-i686.tar.gz # ln… Read More »

Linux Containers and the Future Cloud

Linux-based container infrastructure is an emerging cloud technology based on fast and lightweight process virtualization. It provides its users an environment as close as possible to a standard Linux distribution. As opposed to para-virtualization solutions (Xen) and hardware virtualization solutions (KVM), which provide virtual machines (VMs), containers do not create other instances of the operating… Read More »