Setting up a secure Debian apache server
I'm setting up a server that will host many web sites on my Debian
Sarge machine. Each site will be administered by a different user.
Each site will give users SFTP access, access to the cgi-bin, and to
PHP (with mod_php installed). I'm not very worried about my users
doing anything malicious. However, if a hacker ever obtained a
password from one of my users, they'd essentially have free reign on
my server to run any kind of perl/php script they wanted.
So assuming a hacker did get access to a user's web space, what can I
do to limit the damage? I'm having trouble tracking down a document
that will give me a good overview some basic precautions. Here's some
specific questions:
Must I abandon mod_php? Is fastcgi the way to go?
If permissions on my files are set properly, is it really necessary to
chroot apache?
What's this v-host (virtual host?) someone mentioned to me? Is this
like giving each user their own chrooted apache server environment?
I use webmin to help create sites quickly and easily. Must I abandon it?
Reply to: