How do you know if your Apache Install is Secure?

I'm a hobbyist IT guy and I am running my own Ubuntu server to serve up my website. I was wondering if there are any good ways to find out how secure my setup is, as I'd really prefer not to have my network compromised.

Do you know of any automated tools and/or good guides for securely setting up a LAMP stack?


Solution 1:

If you installed Apache from the repository, it is already safe enough IF you keep it updated. Most attacks nowadays rely on old vulnerabilities on web applications and brute force attacks via FTP or ssh.

That being said, you can always improve the security of your Apache/PHP with a few best practices, including the PHP security manual and the Apache CIS benchmark:

  • PHP Security
  • Apache CIS

As the next step, I would recommend monitoring your system. Look at the logs, file changes, etc. The best tools for that are:

  • Modsecurity
  • OSSEC HIDS

You can always monitor your web site remotely, using Network-based Integrity monitoring (that looks for web site changes, whois modifications, blacklisting, etc) using Sucuri (it is a free tool that I developed).

Solution 2:

There are a multitude of tools on the Internet for security scanning, plus of course tools for launching actual attacks. Why not get hold of some and run them against your web server. Monitoring to see what has happened is one thing. Seeing what actually gets through, and possibly brings it down, is another thing altogether. Not all attacks will be obvious in the logs.

Solution 3:

Nessus and MetaSploit would be good tools to start with. That said, you also need to make sure any web apps running on your server are also secure - that is not as easy to determine with scanning tools.