Some time ago one of my public servers (running Slackware64 14.0) got attacked and was misused to send phishing emails.
This misadventure made me more concerned about security, so I spent the last few weeks catching up on security, reading docs about SELinux and how to use it, etc.
I have a public sandbox server running CentOS 7, and I’m currently experimenting quite a lot with Apache and how to secure it. My approach is very much trial-and-error. I’ve started with these two articles:
13 Apache Web Server Security and Hardening Tips
I’ve also discovered the Nikto vulnerability scanner, and I’m playing around with it.
Besides all this, I’d be curious to know your approach in securing Apache, the tools you use, maybe the odd do’s and don’ts, suggestions, some good books and/or online docs about the subject, etc.
Cheers from the sunny South of France,
Microlinux – Solutions informatiques durables
7, place de l’église – 30730 Montpezat Web : http://www.microlinux.fr Mail : firstname.lastname@example.org Tél. : 04 66 63 10 32