Gentoo Forums
[HOWTO] Chrooting Apache2
dausha
Tux's lil' helper
Joined: 08 Nov 2003
Posts: 112
Location: 34° 45' 44.5"N 92° 23' 10.5"W

Posted: Thu Oct 06, 2005 2:35 pm

Quote:
Is it not true that unless there's a kernel-level vulnerability, it's not really necessary to run Apache2 in chroot? I read that on the forums somewhere before.


I've not read that anywhere. However, tightening a server is always a good idea. Apache can be compromised by XSS exploits, and there are several Portage packages that have these exploits. I recently had a server that was successfully hacked because of an XSS exploit. I was able to catch them before they were able to do anything with it, fortunately. It would have been better if I had chrooted.

IIRC, OpenBSD chroots Apache by default, and they arguably have the most secure OS.

The issue is of paranoia. Server Admins should be extremely paranoid and implement as many safeguards as possible because the potential harm is more catastrophic. (Sort of why you put on a seatbelt--you may never get into an accident, but just in case . . . .)

Always err on the side of more security.
carpman
Advocate
Joined: 20 Jun 2002
Posts: 2202
Location: London - UK

Posted: Sat Nov 26, 2005 1:10 pm

Hello, OK, I'm trying to get my head around chrooting Apache. I am currently building and testing a server for a web project which will use socketmail, a webmail solution which uses its own SMTP/POP3 daemon.

From what I have read so far, I would create an Apache chroot, and into this I would put the tools/apps/libs I need. What I'm not sure about is how PHP works, the website's file structure, etc.?

Do I also put in the website, which is currently in /srv/www.mydomain.com/htdocs?

What about the MySQL database? Currently I have /var/lib/mysql on its own SCSI disk, and /srv also has its own partition.

What about when updating the system: would I need to stop the chrooted Apache and copy over new versions?

cheers
_________________
Work Station - 64bit
Gigabyte GA X48-DQ6 Core2duo E8400
8GB GSkill DDR2-1066
SATA Areca 1210 Raid
BFG OC2 8800 GTS 640mb
--------------------------------
Notebook
Samsung Q45 7100 4gb