Linux Today: Linux News On Internet Time.

More on LinuxToday

LinuxSecurity.com: Security: Physical and Service, Apache [Parts 1 and 2]

Nov 13, 2002, 11:00 (0 Talkback[s])
(Other stories by Roopa Rannorey)

From Part 2, "Security: Apache":

"Log files are another useful utility for monitoring attacks on your server. One must set up a centralised secure log server so that hackers will not be able to remov e traces of their intrusion so easily. Various logfile analyzers like analog, webaliser help in keeping track of the web server access by people. By installing and configuring a good logfile analyser one can know details about the total traffic across the network and the various files and directories accessed,mod ified,deleted or any such activity. It will also tell you the pages that were visited and by whom. In addition to that are all the resources that are busy with respect to apache.

"Maintaining Logfiles is such an important task that one must follow in order to keep track of his system's activities.Apache web server logfiles are httpd.log,error _log and access_log These files log all the attempts by a user in order to perform a task,it can be an attempt for compromising the system The daemon syslog must be enabled which is responsible for logging activity. Care must be taken that logging is on for mail and auth privileges in /etc/syslog.conf

"In typical operation, Apache is started by the root user, and it switches to the user defined by the User directive to serve hits. As is the case with any command th at root executes, you must take care that it is protected from modification by non-root users. Not only must the files themselves be writeable only by root, but so must the directories, and parents of all directories..."

Complete Story (Part 1)

Complete Story (Part 2)

Related Stories: