Chapter 5. Server Security
51
5.4.2. Beware of Syntax Errors
The NFS server determines which file systems to export and who to export these directories to via the
/etc/exports
file. Be careful not to add extraneous spaces when editing this file.
For instance, the following line in the
/etc/exports
file shares the directory
/tmp/nfs/
to the host
my.example.com
with read and write permissions.
/tmp/nfs/
my.example.com(rw)
This line in the
/etc/exports
file, on the other hand, shares the same directory to the host
my.example.com
with read only permissions and shares is to the world with read and write
permissions due to a single space after the hostname.
/tmp/nfs/
my.example.com (rw)
It is good practice to check any configured NFS shares by using the following command to verify they
are correctly configured:
showmount e
hostname
5.4.3. Do Not Use the
no_root_squash
Option
By default, NFS shares change root owned files to user
nfsnobody
. This prevents uploading of pro
grams with the setuid bit set.
5.5. Securing Apache HTTP Server
The Apache HTTP Server is one of the most stable and secure services that ships with Red Hat Linux.a
There are an overwhelming number of options and techniques available to secure the Apache HTTP
Server too numerous to delve into deeply here.
It is important if you are configuring Apache HTTP Server to read the documentation available
for the application. This includes the the chapter titled Apache HTTP Server in the Official Red
Hat Linux Reference Guide, the chapter titled Apache HTTP Secure Server Configuration
in the Official Red Hat Linux Customization Guide, and the Stronghold manuals, available at
http://www.redhat.com/docs/manuals/stronghold/.
Below is a list of configuration options administrators should be careful using.
5.5.1.
FollowSymLinks
This directive is enabled by default, so be careful where you create symbolic links to in the document
root of the Web server. For instance, it is a bad idea to provide a symbolic link to
/
.
5.5.2. The
Indexes
Directive
This directive is enabled by default, but may not be desirable. If you do not want users to browse files
on the server, it is best to remove this directive.
footer
Our partners:
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting
Jsp Web Hosting
Cheapest Web Hosting
Jsp Hosting
Cheap Hosting
Visionwebhosting.net Business web hosting division of Web
Design Plus. All rights reserved