
Setting up a secure Debian apache server



I'm setting up a server that will host many web sites on my Debian
Sarge machine.  Each site will be administered by a different user. 
Each site will give users SFTP access, access to the cgi-bin, and to
PHP (with mod_php installed).  I'm not very worried about my users
doing anything malicious.  However, if a hacker ever obtained a
password from one of my users, they'd essentially have free rein on
my server to run any kind of perl/php script they wanted.

So assuming a hacker did get access to a user's web space, what can I
do to limit the damage?  I'm having trouble tracking down a document
that will give me a good overview of some basic precautions.  Here are some
specific questions:

Must I abandon mod_php?  Is fastcgi the way to go?
If permissions on my files are set properly, is it really necessary to
chroot apache?
What's this v-host (virtual host?) someone mentioned to me?  Is this
like giving each user their own chrooted apache server environment?
I use webmin to help create sites quickly and easily.  Must I abandon it?


