[Herts] L.A.M.P on Redhat 8.0

Nicolas Pike herts at mailman.lug.org.uk
Sat Apr 12 21:59:00 2003


Thank you very much for your help, I am making a start at the network level
and building from there ! I am considering using qmail and also webmin any
thoughts on them ?

I will keep you posted !

Regards Nicolas

-----Original Message-----
From: herts-admin@mailman.lug.org.uk
[mailto:herts-admin@mailman.lug.org.uk]On Behalf Of Robert Horton
Sent: 30 March 2003 17:08
To: herts@mailman.lug.org.uk
Subject: Re: [Herts] L.A.M.P on Redhat 8.0


I was asked this very question at in interview a couple of weeks ago.
Quite difficult to give a definitive answer to but my stock answer is
> Any advice on configuring a RH 8.0 box from scratch to run soley as a

First get the network services as secure as possible - see what
processes are listening to network sockets and remove those which you
don't know you need (netstat -lp).

> Apache, Mysql, PHP (Plus email !) server ?

I'm of the opinion that Apache is worth building from source as there
are a lot of compile time options, and extra modules you can add (i.e.

> As this box is out in the wilds of the Internet (Well Docklands at least)
> security is important !

You can then get some sort of sensible iptables setup (www.netfilter.org
is a good starting place).

You then need to think about security of users of the box, who is
allowed to log in? will you forward logs to another box so they can't be
tampered with? Use something like tripwire and chrootkit to check for
possible intrusions.

> I am keen not to reinvent the wheel !! So URL's etc that you have found
> useful with this type of configuration would be very helpful.

I have numerous books which contain some relevant information (mainly
published by O'Reilly), but it's mostly gradually acquired knowledge
rather than something you can get straight from one book ("TCP/IP
Network Administration" is quite good). Stevenage Library has a
surprisingly large number of useful books (many of which I have out :).

Anyway, hope that is some help at least!

All the best,


Herts mailing list

Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.465 / Virus Database: 263 - Release Date: 25/03/2003

Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.470 / Virus Database: 268 - Release Date: 08/04/2003