RE: secure Apache build question

[Bénoni MARTIN <Benoni.MARTIN () libertis ga>]

Hi !

Well, to my opinion, securing a web server (Apache, IIS or whatever more) depends on your needs !

To start with (just to start :) ), you can try to launch Bastille Linux (freeware, http://www.bastille-linux.org) on 
your web server, it has a section about Apache and will help you to configure it. After...well, maybe go on through 
your httpd.conf, understand each option and set it according to your needs.
 

-----Message d'origine-----
De : shawn [mailto:pakkit () codepiranha org] 
Envoyé : lundi 6 septembre 2004 03:30
À : Haseeb Chaudhary
Cc : webappsec () securityfocus com
Objet : Re: secure Apache build question

Haseeb Chaudhary wrote:
> Hi All,
>
> I'm looking at building Apache web servers on Solaris and/or Linux. I've been assigned the task of ensuring the build 
> is secure against known vulnerabilities and attack types.
>
> I'm a newbie to Apache and would greatly appreciate some links or advice on an easy way to securely build Apache web 
> servers  - hopefully in a scripted way. The webservers will eventually go into production and will be facing the 
> internet. I expect to place them behind Arrowpoint load-balancers.
>
> All advice would really be appreciated!
>
> thanks inadvance, Haseeb

SecurityFocus had an article recently about just that:
http://www.securityfocus.com/infocus/1694

Apache is a fairly complex piece of software and everyone tends to configure it differently but the article may get you 
started...

sd