Prevent Apache from starting after apt-get install
When I apt-get install apache2 the server starts automatically when install completes, and the default Apache configuration makes everything in /var/www/ accessible to the client side. Thus if I have any closed source server side scripts or other secret information in that directory before installing Apache, it is publicly accessible until I change the Apache configuration and restart Apache or until I stop Apache.
I can do this
sudo apt-get install -y apache2
sudo service apache2 stop
# Finish setting up...
And then there is only a brief window where the secret stuff is accessible, but it would be preferable to keep Apache from starting automatically at all and never expose /var/www/ even for one moment.
Are there any options I can pass to apt-get install or other ways to prevent Apache from starting automatically after it is installed?
Solution 1:
Try this:
- Create a file
/usr/sbin/policy-rc.dwith following content:
#!/bin/sh
exit 101
- Make it executable:
chmod +x /usr/sbin/policy-rc.d
After this, all packages will be installed but the services will not start.
Once you are done, you can remove the file:
rm -f /usr/sbin/policy-rc.d
Solution 2:
Lots of options:
- Move the closed source content out of
/var/www - Change the permissions on that content such that the apache user cannot read it
- Iptables to stop port 80/443 traffic
- Pass a runlevel environment variable to
apt-get:
sudo RUNLEVEL=1 apt-get install apache2