[Linux] Setting up a web site

[Dean Benson]

Also search freshmeat.net for tripwire -- a very nice IDS and it can help by
setting automatic defenses like enabling an IPCHAINS rule addition to filter
packets from offenders scanning or testing ports ...

Dean

On Sat, 01 Jul 2000,
Flavored UNIX wrote: > From: kerryb <kerryb@blalock1.com> >  > > Can anyone
give me some pointer on connecting a personal web site to > the internet? I
have telocity ADSL connection. I know I need a domain > name. I have apache
configured on my system. What other pieces am I > missing to get it going?
> 
> 
> Technically, none.  The minimum requirements to host a website are an IP
> address and a web server.  However, it's handy for others to access your
> site with a host name, so you should register one (register.com has a
> good system).  Once your domain is registered you need to decide who
> will handle DNS for it.  As I see it you have three options, in
> increasing order of difficulty.
> 
> You can have your registrar (e.g., register.com will do your DNS) be
> authorative for your zone.  You can do it yourself, but on someone
> else's machine, such as a free DNS server (e.g., granitecanyon.com).
> You can do it yourself on your own machine.
> 
> The most hassle-free solution is to let someone else deal with it.
> Specifically, register.com has a very easy to use "Manage my domain"
> section that includes total DNS control.  You can simply point your
> domain name to your IP address through their forms.
> 
> The most dangerous solution is to run DNS yourself.  Everyday my box
> gets at least two VERSION.BIND requests from script kiddies looking for
> an easy target.  "Anonymous" zone transfers are enabled by default.
> Etc., etc.  If you don't secure your DNS you *will* get rooted.  On the
> other hand, it is satisfying to be authoritative for your own zone.
> Just be very mindful.
> 
> Along the same lines, you're not running wu.ftpd are you?  If so, have
> you patched it since the latest root exploit (announced about a week
> ago)?  Is your Apache configuration sane?  Are you running any CGI
> programs you didn't write yourself?  Have you audited them?  Are your
> CGI scripts safe?
> 
> I'd suggest running an intrusion detection system (IDS), to keep an eye
> on things.  I like snort (snort.org).  Mind you, this has nothing to do
> with running a website, but being connected to the Internet 24/7.  It's
> incredibly dangerous out there in packetville.
> 
> Well, that's about it.  Oh, you might also care to submit your site to
> be indexed by the search engines.  Have fun and be safe.  And watch your
> logs!  Get some kind of log checker program that will email you if
> unexpected things happen.  There are a bunch out there, of varying
> utility.  I'm about to finish my take on the ideal log checker -- I'll
> make it available when it's done.
> 
> javier
> 
> 
> _______________________________________________
> Linux mailing list
> Linux@flux.org
> http://www.flux.org/mailman/listinfo/linux
-- 
---
Dean Benson