|
|
Sponsored Content
Top Forums
Shell Programming and Scripting
Need help getting a web page to start a server.
Post 303025971 by Neo on Thursday 15th of November 2018 11:29:51 PM
11-16-2018
Administrator
The first thing you should do is to insure you have SSH set up for your entire web server and no non HTTPS traffic is permitted.
The second thing you must do it to set up basic apache2 security to require an htpasswd user id and login for basic authentication access to your web server.
The third thing you must do it so set up iptables so only the handful of IP addresses you control are permitted to even connect to the web server.
These are the bare minimum requirements.
Then, on the PHP side, you do not need to use sudo if you set it up correctly. No good web server admin sets up their web server with the user id of the web server (in your case www-data) in the sudoers file. There are better and more secure ways to do it.... but as you said, you don't care about security, so why should we waste our time.
There is no excuse for setting up apache2 and PHP on a LAMP server in an insecure way; when it can easily be done securely and correctly.
One last point, I'm not angry in the least. I don't have emotions when others do things wrong or in a very insecure way on their servers. In fact, after decades on the net, I don't get angry, upset, or have any emotion about anything in these or other forums or sites; but we admins and moderators will enforce rule violations, and so far you have not broken any rules, LOL . Thank you for always following the forum rules. Much appreciated.
In general, I am concerned about cybersecurity, professionally speaking.
Cheers and good luck!
PS: If you truly have a web server where you do not care in the least about security, then just set up apache2 to run with the userid of root and not www-data and be done with it. LOL.... then you can do whatever you want, insecurely as you like
Easy.
The second thing you must do it to set up basic apache2 security to require an htpasswd user id and login for basic authentication access to your web server.
The third thing you must do it so set up iptables so only the handful of IP addresses you control are permitted to even connect to the web server.
These are the bare minimum requirements.
Then, on the PHP side, you do not need to use sudo if you set it up correctly. No good web server admin sets up their web server with the user id of the web server (in your case www-data) in the sudoers file. There are better and more secure ways to do it.... but as you said, you don't care about security, so why should we waste our time.
There is no excuse for setting up apache2 and PHP on a LAMP server in an insecure way; when it can easily be done securely and correctly.
One last point, I'm not angry in the least. I don't have emotions when others do things wrong or in a very insecure way on their servers. In fact, after decades on the net, I don't get angry, upset, or have any emotion about anything in these or other forums or sites; but we admins and moderators will enforce rule violations, and so far you have not broken any rules, LOL . Thank you for always following the forum rules. Much appreciated.
In general, I am concerned about cybersecurity, professionally speaking.
Cheers and good luck!
PS: If you truly have a web server where you do not care in the least about security, then just set up apache2 to run with the userid of root and not www-data and be done with it. LOL.... then you can do whatever you want, insecurely as you like
Easy.|
|
8 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hello,
I am new to unix, but wanted to know how can we fetch data from a web page (i.e. an HTML Page), my requirement is to read an html page and wanted to create a flat file (text file) based on the contents available in the mentioned HTML page.
Thanks
Imtiaz (3 Replies)
Discussion started by: Imtiaz
3 Replies
2. Shell Programming and Scripting
Wish you all a very happy new year.
I have a web url "http://marabou.mis.amat.com/cgi-bin/iman?IMAN_server_report=full"
where marabou.mis.amat.com is my server name. the page content is below.
*********************************************************
TcEng Web server report
Thu Jan 4... (4 Replies)
Discussion started by: Krrishv
4 Replies
3. Solaris
Hi there. I'm trying to upgrade a Sun Blade 100 to Solaris 9.
I downloaded and burned the install, disc 1, disc 2 and tools CDs from Sun. I turned off auto-boot, put in the CD and enter the following:
# boot cdrom -nowin
The cdrom boot starts, and I get prompted to choose a language... (2 Replies)
Discussion started by: calenti
2 Replies
4. UNIX for Dummies Questions & Answers
Hi all,
I am new to UNIX and so am struggling a bit on using the right commands.
I am working on a remote UNIX server and i need to load a web page using firefox. I can use the client IP address to access the web page but i am not able to do so because the command i am typing is wrong.
... (1 Reply)
Discussion started by: greg15
1 Replies
5. Web Development
Hello,
I have created a web page on a server using apache and added .htaccess and .htpasswd in the folder for authentification.
I was wondering if there was anyway to tie-in the login for this page with the login used to logon to the server.
i.e. the same login info. is used for both,... (2 Replies)
Discussion started by: WhotheWhat
2 Replies
6. Cybersecurity
Hello,
I have created a web page on a server using apache and added .htaccess and .htpasswd in the folder for authentification.
I was wondering if there was anyway to tie-in the login for this page with the login used to logon to the server.
i.e. the same login info. is used for both, when... (1 Reply)
Discussion started by: WhotheWhat
1 Replies
7. Web Development
Hi,
I have html page in my unix machine(server), which I will open with firefox or mozilla available in unix machine. Firefox or mozilla will be opened using x windows.
Since I have access to unix machien(like other users) and this HTML page is for user having access to Unix machine, I see no... (7 Replies)
Discussion started by: vamanu9
7 Replies
8. Web Development
Hi All,
I'm getting this below error
bash-4.1$ ./apachectl -k start
(98)Address already in use: make_sock: could not bind to address hostname:18000
no listening sockets available, shutting down
Unable to open logs
I tried to change the port number, still same error:
... (5 Replies)
Discussion started by: raghur77
5 Replies
LEARN ABOUT REDHAT
upsset.conf
UPSSET.CONF(5) Network UPS Tools (NUT) UPSSET.CONF(5) NAME
upsset.conf - Configuration for Network UPS Tools upsset.cgi DESCRIPTION
This file only does one job - it lets you convince upsset.cgi(8) that your system's CGI directory is secure. The program will not run until this file has been properly defined. SECURITY REQUIREMENTS
upsset.cgi(8) allows you to try login name and password combinations. There is no rate limiting, as the program shuts down between every request. Such is the nature of CGI programs. Normally, attackers would not be able to access your upsd(8) server directly as it would be protected by the ACCESS/ACL directives in your upsd.conf(5) file and hopefully local firewall settings in your OS. Since upsset runs on your web server, it could provide a passage from the outside to the inside, bypassing any firewall rules or upsd access control limitations, since it appears to be coming from the web server. This is why you must secure it first. On Apache, you can use the .htaccess file or put the directives in your httpd.conf. It looks something like this, assuming the .htaccess method: <Files upsset.cgi> deny from all allow from your.network.addresses </Files> You will probably have to set "AllowOverride Limit" for this directory in your server-level configuration file as well. If this doesn't make sense, then stop reading and leave this program alone. It's not something you absolutely need to have anyway. Assuming you have all this done, and it actually works (test it!), then you may add the following directive to this file: I_HAVE_SECURED_MY_CGI_DIRECTORY If you lie to the program and someone beats on your upsd through your web server, don't blame me. SEE ALSO
upsset.cgi(8) Internet resources: The NUT (Network UPS Tools) home page: http://www.exploits.org/nut/ NUT mailing list archives and information: http://lists.exploits.org/ Tue Jul 30 2002 UPSSET.CONF(5)