Chapter 5. Server Security


51


5.4.2. Beware of Syntax Errors


The NFS server determines which file systems to export and who to export these directories to via the


/etc/exports


file. Be careful not to add extraneous spaces when editing this file.


For instance, the following line in the


/etc/exports


file shares the directory


/tmp/nfs/


to the host


my.example.com


with read and write permissions.


/tmp/nfs/


my.example.com(rw)


This line in the


/etc/exports


file, on the other hand, shares the same directory to the host


my.example.com


with read only permissions and shares is to the world with read and write


permissions due to a single space after the hostname.


/tmp/nfs/


my.example.com (rw)


It is good practice to check any configured NFS shares by using the following command to verify they


are correctly configured:


showmount  e


hostname


5.4.3. Do Not Use the


no_root_squash


Option


By default, NFS shares change root owned files to user


nfsnobody


. This prevents uploading of pro 


grams with the setuid bit set.


5.5. Securing Apache HTTP Server


The Apache HTTP Server is one of the most stable and secure services that ships with Red Hat Linux.a


There are an overwhelming number of options and techniques available to secure the Apache HTTP


Server   too numerous to delve into deeply here.


It is important if you are configuring Apache HTTP Server to read the documentation available


for the application. This includes the the chapter titled Apache HTTP Server in the Official Red


Hat Linux Reference Guide, the chapter titled Apache HTTP Secure Server Configuration


in the Official Red Hat Linux Customization Guide, and the Stronghold manuals, available at


http://www.redhat.com/docs/manuals/stronghold/.


Below is a list of configuration options administrators should be careful using.


5.5.1.


FollowSymLinks


This directive is enabled by default, so be careful where you create symbolic links to in the document


root of the Web server. For instance, it is a bad idea to provide a symbolic link to


/


.


5.5.2. The


Indexes


Directive


This directive is enabled by default, but may not be desirable. If you do not want users to browse files


on the server, it is best to remove this directive.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      web hosting comparison

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved