Chapter 5. Server Security
51
5.4.2. Beware of Syntax Errors
The NFS server determines which file systems to export and who to export these directories to via the
/etc/exports
file. Be careful not to add extraneous spaces when editing this file.
For instance, the following line in the
/etc/exports
file shares the directory
/tmp/nfs/
to the host
my.example.com
with read and write permissions.
/tmp/nfs/
my.example.com(rw)
This line in the
/etc/exports
file, on the other hand, shares the same directory to the host
my.example.com
with read only permissions and shares is to the world with read and write
permissions due to a single space after the hostname.
/tmp/nfs/
my.example.com (rw)
It is good practice to check any configured NFS shares by using the following command to verify they
are correctly configured:
showmount  e
hostname
5.4.3. Do Not Use the
no_root_squash
Option
By default, NFS shares change root owned files to user
nfsnobody
. This prevents uploading of pro 
grams with the setuid bit set.
5.5. Securing Apache HTTP Server
The Apache HTTP Server is one of the most stable and secure services that ships with Red Hat Linux.a
There are an overwhelming number of options and techniques available to secure the Apache HTTP
Server   too numerous to delve into deeply here.
It is important if you are configuring Apache HTTP Server to read the documentation available
for the application. This includes the the chapter titled Apache HTTP Server in the Official Red
Hat Linux Reference Guide, the chapter titled Apache HTTP Secure Server Configuration
in the Official Red Hat Linux Customization Guide, and the Stronghold manuals, available at
http://www.redhat.com/docs/manuals/stronghold/.
Below is a list of configuration options administrators should be careful using.
5.5.1.
FollowSymLinks
This directive is enabled by default, so be careful where you create symbolic links to in the document
root of the Web server. For instance, it is a bad idea to provide a symbolic link to
/
.
5.5.2. The
Indexes
Directive
This directive is enabled by default, but may not be desirable. If you do not want users to browse files
on the server, it is best to remove this directive.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

web hosting comparison

 

Our partners: PHP: Hypertext Preprocessor Best Web Hosting Java Web Hosting Inexpensive Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Jsp Hosting Cheap Hosting

Visionwebhosting.net Business web hosting division of Web Design Plus. All rights reserved