HOWTO : Almost a perfect and secure Ubuntu 9.04 LAMP server

Notice: the author has been banned or deleted; content automatically hidden.

A great write-up; I learned some administration tips.
Although I don't use ubuntu+LAMP+xoops (I use FreeBSD + apache/mysql/php ports + drupal), what you shared is very useful to me.


Notice: the author has been banned or deleted; content automatically hidden.


Originally posted by samiux on 2009-6-14 02:11


If you don't mind, I would like to ask you to share your experience of securing your FreeBSD server with us. I want to learn something new too.


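I don't mind sharing, but I'm still a newcomer to DIY home servers, and I don't work in I.T. I have only just started learning. When I post my process, please read it and correct me when you have time.

In one respect I am a lot like you: I care a great deal about security, so I enjoyed reading your article. This is my first visit to your blog; there is a lot of content and I haven't finished reading it all yet.

Regarding security for the CMS part: what is your opinion on using SSL plus a fake local CA to add some restriction to CMS login / back-end administration? My thinking is: a home server won't have many users, so distributing client certificates to authorized people for use with SSL won't be too much trouble.

I recommend this Taiwanese expert's blog, which has a lot of in-depth posts on FreeBSD and MySQL (I'm nowhere near the level needed to understand them): http://blog.gslin.com/

[ Last edited by zeissoctopus on 2009-6-14 03:00 ]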


Notice: the author has been banned or deleted; content automatically hidden.


I wholeheartedly recommend this book for anyone who wants to learn how to properly harden their FreeBSD and OpenBSD systems. Well, you can google a lot of free information on how to harden your BSD, but seldom would it tell you when you should stop going any further. So many end up having a BSD system so 'secure' that it brings a lot of inconvenience to both the system users and the admin.
This book starts off telling you how to assess the risk for your particular system and thus devise a proper security policy for your particular environment. The book will tell you every security option you can have for your BSD system: kernel level, filesystem level and application level. Sometimes the author introduces a particular security measure in detail and tells you what you have to sacrifice in terms of usability or availability of your system. He may even advise you against adopting a particular measure after assessing the risk and the associated cost of maintaining one.

Mastering FreeBSD and OpenBSD Security
http://www.amazon.com/Mastering- ... Yanek/dp/0596006268


Notice: the author has been banned or deleted; content automatically hidden.


Originally posted by hkepczeg on 2009-6-14 08:26
I wholeheartedly recommend this book for anyone who wants to learn how to properly harden their FreeBSD and OpenBSD systems. Well, you can google a lot of free information on how to harden your BSD, but se ...


Thanks for the recommendation. I have found the book and will study it carefully.


Originally posted by samiux on 2009-6-15 03:37

After thinking it over and over, I have made up my mind to have the CMS accessed via SSL. Details will be posted later.


Looking forward to it.
For my own initial SSL setup, I mainly referred to Parts 1-3 of this article:
Part 1: http://www.securityfocus.com/infocus/1818
Part 2: http://www.securityfocus.com/infocus/1820
Part 3: http://www.securityfocus.com/infocus/1823

However, in Part 2, under method 3: Certificate signed by Local CA,
the custom openssl.cnf produces errors with openssl on both ubuntu 9.04 and FreeBSD 7.2.
I later understood that simply deleting all the nsComment lines from the openssl.cnf example in the article makes it error-free.

I also found another quick-start reference:
http://study.qqcf.com/web/530/126631.htm

[ Last edited by zeissoctopus on 2009-6-15 17:29 ]
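
Added example (not from any post in this thread): a shell sketch of the local-CA client-certificate idea discussed above, using an explicit minimal openssl.cnf that contains no nsComment lines. The CA name, user name and file names are constructed, and it assumes the `openssl` command-line tool is installed.

```shell
# Added example; the CA name, user name and file names are constructed.
umask 077  # generated private keys stay owner-readable only

# write_cnf FILE: minimal config with explicit extension sections, no nsComment.
write_cnf() {
cat > "$1" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
}

# make_local_ca DIR: self-signed CA key and certificate in DIR.
make_local_ca() {
    write_cnf "$1/local.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$1/local.cnf" -extensions ca_ext \
        -subj "/CN=Home Lab CA (constructed)" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_client_cert DIR NAME: key and CSR for NAME, signed by the CA in DIR.
issue_client_cert() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/local.cnf" \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -days 365 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/local.cnf" -extensions client_ext \
        -out "$1/$2.crt" 2>/dev/null
}

# verify_purpose DIR NAME PURPOSE: succeeds only if NAME's certificate chains
# to the CA in DIR and is acceptable for PURPOSE (sslclient or sslserver).
verify_purpose() {
    openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2.crt" >/dev/null 2>&1
}

d=$(mktemp -d)
make_local_ca "$d" && issue_client_cert "$d" alice
verify_purpose "$d" alice sslclient && echo "alice.crt accepted for client auth"
```

Because the issued certificate carries only the clientAuth extended key usage, the same check with `sslserver` fails, so a leaked client certificate cannot stand in for the server's. On the web server side, Apache mod_ssl can require a certificate chaining to `ca.crt` on the CMS login path with `SSLVerifyClient require` and `SSLCACertificateFile`.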


Notice: the author has been banned or deleted; content automatically hidden.
