Computer security is an ongoing process, a relentless contest between system administrators and intruders. A good administrator needs to stay one step ahead of any adversaries, which often involves a continuing process of education.

If you’re grounded in the basics of security, however, you won’t necessarily want a complete treatise on the subject each time you pick up a book. Sometimes you want to get straight to the point. That’s exactly what the new Linux Security Cookbook does. Rather than provide a total security solution for Linux computers, the authors present a series of easy-to-follow recipes–short, focused pieces of code that administrators can use to improve security and perform common tasks securely.

The Linux Security Cookbook includes real solutions to a wide range of targeted problems, such as sending encrypted email within Emacs, restricting access to network services at particular times of day, firewalling a webserver, preventing IP spoofing, setting up key-based SSH authentication, and much more. With over 150 ready-to-use scripts and configuration files, this unique book helps administrators secure their systems without having to look up specific syntax. The book begins with recipes devised to establish a secure system, then moves on to secure day-to-day practices, and concludes with techniques to help your system stay secure.

Some of the “recipes” you’ll find in this book are:

• Controlling access to your system from firewalls down to individual services, using iptables, ipchains, xinetd, inetd, and more
• Monitoring your network with tcpdump, dsniff, netstat, and other tools
• Protecting network connections with Secure Shell (SSH) and stunnel
• Safeguarding email sessions with Secure Sockets Layer (SSL)
• Encrypting files and email messages with GnuPG
• Probing your own security with password crackers, nmap, and handy scripts

Editorial Reviews

Review

“I really enjoyed this book. I think my machine is more secure than before I read this book. The advice is good and pitched at, for me, the right level. References were up-to-date ad far as I could see. I would certainly recommend this book to anyone wanting to secure, or test the esisting security, of a Linux system.” – Mick Farmer, Linux Security Cookbook – news@UK, September 2003

About the Author

Dan Barrett has been immersed in Internet technology since 1985. Currently working as a software engineer, Dan has also been a heavy metal singer, Unix system administrator, university lecturer, web designer, and humorist. He has written several O’Reilly books, as well as monthly columns for Compute! and Keyboard Magazine. Dan and his family reside in Boston.
Richard E. Silverman has a B.A. in computer science and an M.A. in pure mathematics. Richard has worked in the fields of networking, formal methods in software development, public-key infrastructure, routing security, and Unix systems administration. He is the co-author of SSH, The Secure Shell: The Definitive Guide.

The post Linux Security Cookbook appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

LAMP is essentially a server that runs Linux, Apache, MySQL and Php/Perl and is more commonly known as a LAMP server. This guide provides step-by-step instructions for installing a full-featured LAMP server on a CentOS 6 .0

1. Update system

Before proceeding to install, update the system with the following command

# yum update

2. Install and Configure the Apache Web Server

The Apache web server is the most popular server online, used on more than 70% of all servers connected to the World Wide Web. And there are good reasons for it: it’s free, it’s very stable, it delivers a great performance, it’s very customizable. To install the current version of the Apache web server use the following command

# yum install httpd

If you want to run Apache by default when the system boots, type the following command

# chkconfig httpd --level 2345 on

To start Apache for the first time, type the following command

# /etc/init.d/httpd start

3. Apache Web Server Security and Optimization

1. Disable any unnecessary apache modules, type the following command

# vi /etc/httpd/conf/httpd.conf

My example configuration is here

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so

2. Optimize Timeout & KeepAlive
You need to control Timeouts & KeepAlive to improve server performance. Type the following command

# vi /etc/httpd/conf/httpd.conf

Find & Edit it as follows

Timeout 10
KeepAlive On
MaxKeepAliveRequests 200
KeepAliveTimeout 5

3. Optimize MPM (Multi-Processing Module)
Apache’s default installation of MPM Prefork. To optimize MPM Prefork, type the following command

# vi /etc/httpd/conf/httpd.conf

Find

<IfModule prefork.c>

Edit it as follows

<IfModule prefork.c>
    StartServers          5
    MinSpareServers      10
    MaxSpareServers      15
    ServerLimit         450
    MaxClients          450
    MaxRequestsPerChild   0
</IfModule>

Which,

# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# ServerLimit: maximum value for MaxClients for the lifetime of the server
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves

4. Enable Mod_rewite
To enable mod_rewirte, type the following command

# vi /etc/httpd/conf/httpd.conf

Find

<Directory "/var/www/html">

Edit it as follows

<Directory "/var/www/html">
    AllowOverride All
    Options -MultiViews -Indexes FollowSymlinks IncludesNoExec +Includes
<Limit GET POST OPTIONS PROPFIND>
    Order allow,deny
    Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
    Order deny,allow
    Deny from all
</LimitExcept>
</Directory>

5. Enable File Caching
Enabling file caching can greatly improve your site’s performance and speed. If you want to enable file caching, type the following command

# vi /etc/httpd/conf/httpd.conf

Find

<Directory "/var/www/html">

Edit it as follows

<Directory "/var/www/html">
    AllowOverride All
    Options -MultiViews -Indexes FollowSymlinks IncludesNoExec +Includes
<Limit GET POST OPTIONS PROPFIND>
    Order allow,deny
    Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
    Order deny,allow
    Deny from all
</LimitExcept>
<FilesMatch "\.(flv|swf|ico|gif|jpg|jpeg|png|html|css)$">  
	Header set Cache-Control "max-age=604800, public"  
</FilesMatch>
</Directory>

4. Install and Configure MySQL Database Server

MySQL Server is one of the most popular database servers in the world, especially for use with dynamic, content rich websites. To install MySQL database server use the following command

# yum install mysql mysql-server

After installing MySQL, I highly recommend to run mysql_secure_installation, a program that helps secure MySQL. Important points to note are:
1. Be sure that the root account has a secure password set.
2. Do not create an anonymous account, and if it exists, say “yes” to remove it.
3. If your web server and MySQL server are on the same machine, you should disable the network access.

If you want to run MySQL by default when the system boots, type the following command

# chkconfig mysqld--level 2345 on

To start MySQL for the first time, type the following command

# /etc/init.d/mysqld start

5. Installing and Configuring PHP

PHP is a general-purpose scripting language originally designed for web development to produce dynamic web pages. Many popular web applications like WordPress, Joomla, Drupal, OScommerce, Magento are written in PHP. To install PHP on CentOS use the following command

# yum install php53 php53-mysql

To create secure PHP configuration settings, type the following command

# vi /etc/php.ini

Find & Edit it as follows

allow_url_fopen = Off 
display_errors = Off 
display_startup_errors = Off 
log_errors = On 
error_reporting = E_ALL 
expose_php = Off 
magic_quotes_gpc = On 
magic_quotes_sybase = Off 
register_globals = Off
max_execution_time = 60
memory_limit = 64M

To prevent run PHP scripts with a different file extension, type the following command

# vi /etc/httpd/conf.d/php.conf

Find

AddHandler php5-script .php
AddType text/html .php

Replace it as follows

<FilesMatch \.php$>
	AddHandler php5-script .php
	AddType text/html .php
</FilesMatch>

Restart Apache to reload new configurations. Type the following command

# /etc/init.d/httpd restart

The post How To Setup A LAMP Server On Centos 6.0 appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.