Debian/Ubuntu Tips and Tricks

Debuntu

Debian/Ubuntu Tips and Tricks

Secure your Apache2 with mod-security

Posted by chantra on 13th August 2006

This entry is part 1 of 3 in the series Secure your Apache2 with mod-security

This article will show how-to install, configure and set up apache's mod-security module on a debian based system. This was done on Ubuntu Dapper and should fit any Debian based system.

Mod_security is an Apache 1.x/2.x module whose purpose is to tighten the Web application security by shielding the applications from attack. The idea is to filter request and web content before passing it to apache core.

Once installed, mod-security needs to be defined some rules matching patterns, filter request and HTTP stream and in the end do different actions like allowing, denying, log...

Effectively, it is an intrusion detection and/or prevention system for apache web server.

Read the rest of this entry »

Tags: ,
Posted in Administration, HowTo, HTTP | No Comments »

How-To: Apache web server basic security measures — page 2

Posted by chantra on 30th July 2006

This entry is part 2 of 2 in the series How-To: Apache web server basic security measures

3. PHP:

Another way to hide which PHP version you are running can be achieved through php.ini.
Php as a directive of its own in order not to be too verbose, this is the variable called expose_php. Turning this one to Off will avoid php telling that it is running. In the following output, I had ServerTokens set to Full and expose_php to Off:
Read the rest of this entry »

Tags:
Posted in Administration, HowTo, HTTP | No Comments »

How-To: Apache web server basic security measures

Posted by chantra on 30th July 2006

This entry is part 1 of 2 in the series How-To: Apache web server basic security measures

While running a HTTP server such as Apache, there is a few step an administrator have to take in order not to get easily hacked. The very basic one is to hide from the outside which software version and operating system version are running.

Read the rest of this entry »

Tags:
Posted in Administration, HowTo, HTTP | No Comments »

How To: Enable apache modules under Debian based system — page 2

Posted by chantra on 15th June 2006

This entry is part 2 of 2 in the series How To: Enable apache modules under Debian based system

2. Adding modules:

Now, taking into account the strucutre of apache, it is pretty easy to add modules to be loaded by apache. Let's assume that you want to add mime_magic module. To do so, you can either:
Read the rest of this entry »

Tags:
Posted in Administration, HowTo, HTTP | 2 Comments »

How To: Enable apache modules under Debian based system

Posted by chantra on 15th June 2006

This entry is part 1 of 2 in the series How To: Enable apache modules under Debian based system

Apache is usually suitable out of the box for most common used. The apache structure under debian based systems is actually really well made as it is really easy to activate or deactivate module.

This how-to will show how to activate or deactivate available modules under a debian system running apache2.

Read the rest of this entry »

Tags:
Posted in Administration, HowTo, HTTP | No Comments »

How To: Setting up awstats with apache 2 on debian-ubuntu

Posted by chantra on 21st April 2006

This entry is part 1 of 2 in the series How To: Setting up awstats with apache 2 on debian-ubuntu

Awstats is a great web log analyser. It gives really usefull statistics about traffic on your web sites.

Installing awstats in debian/ubuntu still needs so tweaking to produce neat statistics.

In this articles, I'm going to show you what needs to be done.

Read the rest of this entry »

Tags:
Posted in Administration, HowTo, HTTP | No Comments »

How To: Setting up awstats with apache 2 on debian-ubuntu — page 2

Posted by chantra on 21st April 2006

This entry is part 2 of 2 in the series How To: Setting up awstats with apache 2 on debian-ubuntu

3. Configuring Awstats:

Awstats configuration file are located in /etc/awstats. By default, when calling the URL http://www.mysite.org/awstats/awstats.pl, awstats is looking for the configuration file name after your domain name, namely here /etc/awstats/awstats.www.mysite.org.conf. You can override this by giving awstats an argument named config. For instance http://www.mysite.org/awstats/awstats.pl?config=foobar will indicate awstats to fetch the configuration from /etc/awstats/awstats.foobar.conf.

Read the rest of this entry »

Tags:
Posted in Administration, HowTo, HTTP | 2 Comments »

Virtual Hosting using Apache 2 on a linux machine

Posted by chantra on 21st February 2006

Virtual Hosting allow web servers to host more than one website on a sing machine. This is how sharing hosting works. I become pretty handy as well while develloping different web project on the same machine and allows you to access to your local repository using addresses such as http://dev.mysite.com instead of http://localhost/~myuser/myproject/ :) .
This tutorial is based on a machine runnning ubuntu/linux but should be the same on any debian based distribution and almost the same on other distributions.

Read the rest of this entry »

Tags:
Posted in Administration, HowTo, HTTP, Networking | 3 Comments »