homepage Welcome to WebmasterWorld Guest from 54.205.247.203
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
Forum Library, Charter, Moderators: bakedjake

Linux, Unix, and *nix like Operating Systems Forum

    
server not accessible from remote system
web pages on linux-apache server not accessible
sai_suresh




msg:915525
 9:46 am on Jan 24, 2003 (gmt 0)

hi all

i'm working on linux-apache-php-mysql combination and i'm new to this combination. i installed everything on my box. i would like to make my system( part of intranet having its own static ip address) web server for the web site i'm developing. i can view pages on my server system using http*//aaaaa.bb.ccc.ddd(localdomain.localhost)/ee.html. the problem is that i can not access my server from a remote system using the static ip address of my server. what would be the right approach for my problem?

[edited by: engine at 9:50 am (utc) on Jan. 24, 2003]
[edit reason] de-linked [/edit]

 

Duckula




msg:915526
 5:56 am on Jan 25, 2003 (gmt 0)

Hello sai_suresh and welcome to WebmasterWorld.

You may like to review other related threads on this forum, like Apache works locally (on LAN) but not remotely (Internet) [webmasterworld.com] or viewing pages on a local apache [webmasterworld.com].

sai_suresh




msg:915527
 7:12 am on Feb 21, 2003 (gmt 0)

Hi

I came to know that Linux default network configuration denies any request from a remote system.so, I could get web pages from my server if i run "service ipchains stop" which removes default firewall settings making my server accessible from a remote system but making it vulnerable by removing firewall settings. what should i do to make it secure. will installing secure web server( mad_ssl+openssl) work for me in that case?

Duckula




msg:915528
 7:43 am on Feb 21, 2003 (gmt 0)

SSL will not make your server less crackable; it is needed to prevent third parties from eavesdropping the messages through the public internet, so them can only be translated by the trusting parties.

What you need to do is to configure ipchains to allow traffic through the port 80, the default for a web server. What a firewall really does is blocking traffic through ports you know are not needed for normal operation, i.e. all except the one you explicitely need.

sai_suresh




msg:915529
 9:49 am on Feb 21, 2003 (gmt 0)

Thank you Dracula for ur earlier reply. but how can i be sure that my server is secure once i define the ipchain to allow only port 80 for communication? is there anyway that i can assure that the server is as secure as any other server on the internet. what r the testing strategies to ensure web server security.

jpjones




msg:915530
 10:23 am on Feb 21, 2003 (gmt 0)

The only true way to secure a server is remove any physical way for the server to talk to the outside world - this to include network cables, monitors, and keyboards, and to site the computer in a locked room. :)

is there anyway that i can assure that the server is as secure as any other server on the internet

If you only open up port 80 (tcp) on the server, then the other services on the server will still be inaccessible. With computers on the internet, you want as few as possible services accessible to the outside world.

Testing strategies could include running a port scanner on the whole server using both TCP and UDP protocols - this should be run from a remote machine. nmap is quite a useful tool for this. There are further tools available such as Nessus, which is a security auditing tool. These will actually probe your open services for any known vulnerability and report back to you. Again, this is best run remotely so you can know exactly what a potential hacker can see.

Another route to go down would be monitoring, in conjunction with testing. Install something like logcheck to automatically email you your system logs containing any suspect behaviour. Run tripwire nightly. Run chkrootkit nightly. Look at the reports these utilities provide you with!

And of course, take backups, just in case the unthinkable happens. :)

HTH,
JP

Duckula




msg:915531
 11:02 am on Feb 21, 2003 (gmt 0)

is there anyway that i can assure that the server is secure

I liked this article from the Linux Magazine: Hardening Linux Systems [linux-mag.com] (first on a series of three). You can't hardly get more secure than that. Beware, it borderlines paranoia.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved