On 12/15/05, Mike Esquardez <[EMAIL PROTECTED]> wrote:
> > I have to install a server that will host a "test drive" of a web app
> > on the internet. From my initial look at the app, it looks like it will
> > be a target to be exploited. I am not involved with the code so fixing
> > it is not an option. What I would like to try and do is host it in a
> > manner where I can minimize the risk and damage. It will only have
> > sample data and it doesn't have to be "live". Some ideas I have-
> >
> > automate disk imaging or rsync.
> > read only filesystem.
> > integrity tool.
> > live cd version of the app.
> >
> > any other ideas?????
>
If this web app depends on Apache/PHP/MySQL then you'll need a module like mod_security for Apache and use rules from gotroot.com to secure against SQL injections, etc.

I'd actually do the following:

1) Secure your kernel
2) IPFW and close the server down except to services you need
3) Run rkhunter as a cron job to scan against problems
4) Run mod_security for Apache and make sure your PHP/Apache processes are configured properly.
5) Lastly, do backups ;-)

Tamouh

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
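
Step 2 of the reply (IPFW, with the server closed down except to the services it needs), as an added example that is not part of the original post: a shell function that prints a default-deny IPFW ruleset for a given list of TCP ports. The function name `gen_ipfw_rules`, the rule numbers and the choice of port 80 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): print a default-deny IPFW
# ruleset that exposes only the listed TCP ports on a FreeBSD host.
# Assumptions: rule numbers and the choice of port 80 are illustrative.

gen_ipfw_rules() {
    # Validate every port before emitting anything, so a typo never
    # produces a half-written ruleset.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    echo "ipfw -q -f flush"
    # Loopback traffic is allowed; spoofed loopback addresses are not.
    echo "ipfw -q add 00100 allow ip from any to any via lo0"
    echo "ipfw -q add 00200 deny ip from any to 127.0.0.0/8"
    echo "ipfw -q add 00210 deny ip from 127.0.0.0/8 to any"
    # Replies for connections admitted below match their dynamic state here.
    echo "ipfw -q add 00300 check-state"

    n=1000
    for port in "$@"; do
        printf 'ipfw -q add %05d allow tcp from any to me %s in setup keep-state\n' "$n" "$port"
        n=$((n + 10))
    done

    # Everything else is dropped and logged, including connections the
    # server itself tries to open: a compromised demo app cannot call out.
    echo "ipfw -q add 65000 deny log ip from any to any"
}

# Print the ruleset for a host that serves only HTTP.
gen_ipfw_rules 80
```

Because the final rule also blocks outbound traffic such as DNS lookups, services the demo host needs to reach must be given their own allow rules above it. Review the printed rules before loading them, and add a rule for your management access first if you administer the box remotely.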