|
|
Sponsored Content
Top Forums
Shell Programming and Scripting
Need help getting a web page to start a server.
Post 303025971 by Neo on Thursday 15th of November 2018 11:29:51 PM
11-16-2018
Administrator
The first thing you should do is to insure you have SSH set up for your entire web server and no non HTTPS traffic is permitted.
The second thing you must do it to set up basic apache2 security to require an htpasswd user id and login for basic authentication access to your web server.
The third thing you must do it so set up iptables so only the handful of IP addresses you control are permitted to even connect to the web server.
These are the bare minimum requirements.
Then, on the PHP side, you do not need to use sudo if you set it up correctly. No good web server admin sets up their web server with the user id of the web server (in your case www-data) in the sudoers file. There are better and more secure ways to do it.... but as you said, you don't care about security, so why should we waste our time.
There is no excuse for setting up apache2 and PHP on a LAMP server in an insecure way; when it can easily be done securely and correctly.
One last point, I'm not angry in the least. I don't have emotions when others do things wrong or in a very insecure way on their servers. In fact, after decades on the net, I don't get angry, upset, or have any emotion about anything in these or other forums or sites; but we admins and moderators will enforce rule violations, and so far you have not broken any rules, LOL . Thank you for always following the forum rules. Much appreciated.
In general, I am concerned about cybersecurity, professionally speaking.
Cheers and good luck!
PS: If you truly have a web server where you do not care in the least about security, then just set up apache2 to run with the userid of root and not www-data and be done with it. LOL.... then you can do whatever you want, insecurely as you like
Easy.
The second thing you must do it to set up basic apache2 security to require an htpasswd user id and login for basic authentication access to your web server.
The third thing you must do it so set up iptables so only the handful of IP addresses you control are permitted to even connect to the web server.
These are the bare minimum requirements.
Then, on the PHP side, you do not need to use sudo if you set it up correctly. No good web server admin sets up their web server with the user id of the web server (in your case www-data) in the sudoers file. There are better and more secure ways to do it.... but as you said, you don't care about security, so why should we waste our time.
There is no excuse for setting up apache2 and PHP on a LAMP server in an insecure way; when it can easily be done securely and correctly.
One last point, I'm not angry in the least. I don't have emotions when others do things wrong or in a very insecure way on their servers. In fact, after decades on the net, I don't get angry, upset, or have any emotion about anything in these or other forums or sites; but we admins and moderators will enforce rule violations, and so far you have not broken any rules, LOL . Thank you for always following the forum rules. Much appreciated.
In general, I am concerned about cybersecurity, professionally speaking.
Cheers and good luck!
PS: If you truly have a web server where you do not care in the least about security, then just set up apache2 to run with the userid of root and not www-data and be done with it. LOL.... then you can do whatever you want, insecurely as you like
Easy.|
|
8 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hello,
I am new to unix, but wanted to know how can we fetch data from a web page (i.e. an HTML Page), my requirement is to read an html page and wanted to create a flat file (text file) based on the contents available in the mentioned HTML page.
Thanks
Imtiaz (3 Replies)
Discussion started by: Imtiaz
3 Replies
2. Shell Programming and Scripting
Wish you all a very happy new year.
I have a web url "http://marabou.mis.amat.com/cgi-bin/iman?IMAN_server_report=full"
where marabou.mis.amat.com is my server name. the page content is below.
*********************************************************
TcEng Web server report
Thu Jan 4... (4 Replies)
Discussion started by: Krrishv
4 Replies
3. Solaris
Hi there. I'm trying to upgrade a Sun Blade 100 to Solaris 9.
I downloaded and burned the install, disc 1, disc 2 and tools CDs from Sun. I turned off auto-boot, put in the CD and enter the following:
# boot cdrom -nowin
The cdrom boot starts, and I get prompted to choose a language... (2 Replies)
Discussion started by: calenti
2 Replies
4. UNIX for Dummies Questions & Answers
Hi all,
I am new to UNIX and so am struggling a bit on using the right commands.
I am working on a remote UNIX server and i need to load a web page using firefox. I can use the client IP address to access the web page but i am not able to do so because the command i am typing is wrong.
... (1 Reply)
Discussion started by: greg15
1 Replies
5. Web Development
Hello,
I have created a web page on a server using apache and added .htaccess and .htpasswd in the folder for authentification.
I was wondering if there was anyway to tie-in the login for this page with the login used to logon to the server.
i.e. the same login info. is used for both,... (2 Replies)
Discussion started by: WhotheWhat
2 Replies
6. Cybersecurity
Hello,
I have created a web page on a server using apache and added .htaccess and .htpasswd in the folder for authentification.
I was wondering if there was anyway to tie-in the login for this page with the login used to logon to the server.
i.e. the same login info. is used for both, when... (1 Reply)
Discussion started by: WhotheWhat
1 Replies
7. Web Development
Hi,
I have html page in my unix machine(server), which I will open with firefox or mozilla available in unix machine. Firefox or mozilla will be opened using x windows.
Since I have access to unix machien(like other users) and this HTML page is for user having access to Unix machine, I see no... (7 Replies)
Discussion started by: vamanu9
7 Replies
8. Web Development
Hi All,
I'm getting this below error
bash-4.1$ ./apachectl -k start
(98)Address already in use: make_sock: could not bind to address hostname:18000
no listening sockets available, shutting down
Unable to open logs
I tried to change the port number, still same error:
... (5 Replies)
Discussion started by: raghur77
5 Replies
LEARN ABOUT DEBIAN
sslh
SSLH(1p) User Contributed Perl Documentation SSLH(1p) NAME
sslh - Switch incoming connection between SSH and SSL/HTTPS servers SYNOPSIS
sslh [ -v ] [ -p [host:]port ] [ -t timeout ] [ --ssh [host:]port ] [ --ssl [host:]port ] DESCRIPTION
sslh is a simple script that lets you switch an incoming connection on a single port between distinct SSH and SSL/HTTPS servers. sslh listens for connections on a port and is able to redirect them either to an HTTPS web server or a SSH server. This lets one setup both a HTTPS web server and a SSH server and access them through the same host+port. OPTIONS
The program follows the usual GNU command line syntax, with long options starting with two dashes. -p, --port [host:]port The port the proxy will listen to. If no port is given, 443 is used by default. If no host is given, "localhost" is used by default. -s, --ssh [host:]port The SSH server which the SSH connections must be forwarded to. If omitted, the default is localhost:22. -l, --ssl, --https [host:]port The HTTPS server which the HTTPS connections must be forwarded to. If omitted, the default is localhost:443. -t, --timeout delay Timeout in seconds before a silent incoming connection is considered as a SSH connection. The number can be fractional. The default is 2seconds. -v, --verbose Verbose output. This option can be used several times for more verbose output. EXAMPLE OF USE
Is this tool actually useful? Yes. For example one can use it to access both a SSH server and a secure web server via a corporate proxy that only accepts to relay connections to port 443. Creating a tunnel that passes SSH connection through a CONNECT-enabled web proxy is easy with connect-tunnel (also included in the "Net::Proxy" distribution). The proxy will let both SSH and HTTPS connections out (since they all point to port 443), and the home server will connect those incoming connections to the appropriate server. This only requires to run the HTTPS server on a non standard port (not 443). TECHNICAL NOTE
How can this proxy find out what kind of protocol is using a TCP connection to port 443, without being connected (yet) to the server? We actually rely on a slight difference between the SSL and SSH protocols (found thanks to ethereal): SSH Once the TCP connection is established, the server speaks first, presenting itself by saying something like: SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-1 SSL With SSL, it's always the client that speaks first. This means that sslh can be used with any pair of protocols/services that share this property (the client speaks first for one and the server speaks first for the other). AUTHORS
Original idea and C version Frederic Ple "<sslh@wattoo.org>". Perl versions Philippe 'BooK' Bruhat "<book@cpan.org>". SCRIPT HISTORY
Version 0.01 of the script was a quick hack designed in 2003 as a proof of concept. Version 0.02 (and higher) are based on "Net::Proxy", and included with the "Net::Proxy" distribution. Version 0.02 didn't work, though. Version 0.03 correctly initialised the "in" connector. Version 0.04 lets the proxy listen on any address (instead of "localhost", which is still the default). Thanks to Dieter Voegtli for spotting this. SEE ALSO
Net::Proxy, Net::Proxy::Connector::dual. COPYRIGHT
Copyright 2003-2006, Philippe Bruhat. All rights reserved. LICENSE
This module is free software; you can redistribute it or modify it under the same terms as Perl itself. perl v5.10.1 2009-10-18 SSLH(1p)