[Herts] L.A.M.P on Redhat 8.0

Robert Horton herts at mailman.lug.org.uk
Sun Mar 30 17:11:01 2003


Hi,

I was asked this very question at in interview a couple of weeks ago.
Quite difficult to give a definitive answer to but my stock answer is
below!
> Any advice on configuring a RH 8.0 box from scratch to run soley as a Linux,

First get the network services as secure as possible - see what
processes are listening to network sockets and remove those which you
don't know you need (netstat -lp).

> Apache, Mysql, PHP (Plus email !) server ?

I'm of the opinion that Apache is worth building from source as there
are a lot of compile time options, and extra modules you can add (i.e.
php).

> As this box is out in the wilds of the Internet (Well Docklands at least)
> security is important !

You can then get some sort of sensible iptables setup (www.netfilter.org
is a good starting place).

You then need to think about security of users of the box, who is
allowed to log in? will you forward logs to another box so they can't be
tampered with? Use something like tripwire and chrootkit to check for
possible intrusions.

> I am keen not to reinvent the wheel !! So URL's etc that you have found
> useful with this type of configuration would be very helpful.

I have numerous books which contain some relevant information (mainly
published by O'Reilly), but it's mostly gradually acquired knowledge
rather than something you can get straight from one book ("TCP/IP
Network Administration" is quite good). Stevenage Library has a
surprisingly large number of useful books (many of which I have out :).

Anyway, hope that is some help at least!

All the best,

Rob