Securing The Apache Http Server - Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE Manual


5.5. Securing the Apache HTTP Server

The Apache HTTP Server is one of the most stable and secure services that ships with Red Hat
Enterprise Linux. There are an overwhelming number of options and techniques available to secure
the Apache HTTP Server — too numerous to delve into deeply here.

It is important when configuring the Apache HTTP Server to read the documentation available
for the application. This includes the chapter titled Apache HTTP Server in the Red Hat
Enterprise Linux Reference Guide, the chapter titled Apache HTTP Server Configuration in the Red
Hat Enterprise Linux System Administration Guide, and the Stronghold manuals, available at
http://www.redhat.com/docs/manuals/stronghold/.

Below is a list of configuration options administrators should be careful using.

5.5.1. FollowSymLinks

This directive is enabled by default, so be careful when creating symbolic links to the document root
of the Web server. For instance, it is a bad idea to provide a symbolic link to /.

5.5.2. The Indexes Directive

This directive is enabled by default, but may not be desirable. To prevent visitors from browsing files
on the server, remove this directive.

5.5.3. The UserDir Directive

The UserDir directive is disabled by default because it can confirm the presence of a user account
on the system. To enable user directory browsing on the server, use the following directives:

UserDir enabled
UserDir disabled root

These directives activate user directory browsing for all user directories other than /root/. To add
users to the list of disabled accounts, add a space delimited list of users on the UserDir disabled
line.

5.5.4. Do Not Remove the IncludesNoExec Directive

By default, the server-side includes module cannot execute commands. It is ill advised to change this
setting unless absolutely necessary, as it could potentially enable an attacker to execute commands on
the system.

5.5.5. Restrict Permissions for Executable Directories

Be certain to only assign write permissions to the root user for any directory containing scripts or
CGIs. This can be accomplished by typing the following commands:

chown root directory_name
chmod 755 directory_name

Also, always verify that any scripts running on the system work as intended before putting them into
production.

Chapter 5. Server Security
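
The following Python code is an added example, not part of the Red Hat guide: it scans httpd.conf-style text for the settings discussed in 5.5.1 through 5.5.4 and reports where each one appears. The function name, the sample configuration and the UserDir rule (any enabling UserDir line is reported unless root appears in a UserDir disabled list) are assumptions made for illustration.

```python
import re

# Option keywords this section warns about, keyed to the subsection covering each.
RISKY_OPTIONS = {
    "followsymlinks": "symbolic links are followed (5.5.1)",
    "indexes": "directory listings are served (5.5.2)",
    "includes": "SSI without IncludesNoExec can run commands (5.5.4)",
}

def audit_httpd_conf(text):
    """Return (line_no, context, message) tuples for settings to review."""
    findings, context = [], ["server config"]   # context: stack of open <Section> blocks
    userdir_on, root_disabled = None, False      # assumed rule: root must be listed as disabled
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):     # Apache comments start the line
            continue
        section = re.match(r"<(\w+)\s*(.*?)>$", line)
        name, *rest = line.split(None, 1)
        words = rest[0].split() if rest else []
        if line.startswith("</"):                # closing tag: leave the innermost block
            context = context[:-1] or ["server config"]
        elif section:
            context.append((section.group(1) + " " + section.group(2)).strip())
        elif name.lower() == "options":
            for word in words:
                key = word.lstrip("+").lower()   # "-Indexes" keeps its "-" and never matches
                if key in RISKY_OPTIONS:
                    findings.append((no, context[-1], f"Options {word}: {RISKY_OPTIONS[key]}"))
        elif name.lower() == "userdir" and words:
            if words[0].lower() == "disabled":
                root_disabled = root_disabled or "root" in words[1:]
            elif userdir_on is None:             # "enabled" or a directory name turns it on
                userdir_on = no
    if userdir_on is not None and not root_disabled:
        findings.append((userdir_on, "server config", "UserDir is on but root is not disabled (5.5.3)"))
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE = """\
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/ssi">
    Options -Indexes +Includes
</Directory>
UserDir enabled
UserDir disabled nobody
"""
```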
