Linux Format forums

bobthebob1234 · Last edited by bobthebob1234 on Wed Mar 30, 2011 8:21 pm; edited 1 time in total

Right I have had a boring afternoon so I have been think about a lot of random stuff, and a couple of questions have come to mind, but they don't each deserve their own topics.
Please answer if you have an answer to any!

Here we go!

I have two servers, both with LAMP stacks on, serving different websites. Would it be better to have one running MySQL and one apache, then I can concentrate on hardening them individually rather than doing something on one and not the other.
Anyone know of any good online tutorials or books for
1. MySQL security/hardening
2. Apache security/hardening
3. General linux server admin/security/hardening
Anyone got The Official Ubuntu Server Book (Aug 2010); is it any good (or am I being stupid not checking the subs area for a review)
Thankfully I have forgotten the rest
EditRemembered some: Anyone know any good books or tutorials for sql injections and web app security testing (testing mine, not others!)
How do (PHP) PDO objects stand up to sql injections and other attacks?

_________________
For certain you have to be lost to find the places that can't be found. Elseways, everyone would know where it was

Dutch_Master · LXF regular Joined: Tue Mar 27, 2007 2:49 am Posts: 2359

1) No, as Apache and mySQL interact locally. It might be possible in theory, but I wonder if the prevention would be worse then the cure then... Wink

2) http://www.google.com

3) Don't learn Ubuntu, learn Linux! ISBN: 978-0-13-148005-6 Admittedly not the cheapest book, but if you take in account the non-necessity of purchasing additional books on various subjects it's quite good value for money!

4) Nothing a quick Google can't solve Wink

bobthebob1234 · Posted: Wed Mar 30, 2011 8:24 pm Post subject:

Thanks

2)i've been googling all afternoon, just wondering if anybody has any personal recommendations

3)I've got a birthday coming up... Very Happy

_________________
For certain you have to be lost to find the places that can't be found. Elseways, everyone would know where it was

Dutch_Master · LXF regular Joined: Tue Mar 27, 2007 2:49 am Posts: 2359

Can't help you with items 5 and 6, but I've put in a link to the publishers website, listing it at a smidgen below 44 quid. For that you get over 1,300 pages of advice, history and explanations, so do the maths yourself. I have it, and recommend it for study on any serious ICT course... Hunt around for better deals though Smile

bobthebob1234 · Posted: Wed Mar 30, 2011 8:42 pm Post subject:

half price on amazon Very Happy

_________________
For certain you have to be lost to find the places that can't be found. Elseways, everyone would know where it was

towy71 · Posted: Wed Mar 30, 2011 8:53 pm Post subject:

I was about to post that exact same comment Rolling Eyes

_________________
still looking for that door into summer

Arthur_Dent · Posted: Thu Mar 31, 2011 11:50 am Post subject:

2 & 5 ) I presume you use ModSecurity on your webserver. If not you really should.
I believe that Ivan Ristic's book "Modsecurity Handbook" is very good on the subject of Apache hardening in general and ModSecurity in particular - Although I must stress I haven't read it myself.

bobthebob1234 · Posted: Thu Mar 31, 2011 3:47 pm Post subject:

I was going to 'install' (if thats the word) it during easter, I have the book with the ninja on, but must confess I haven't read it yet cos I left it at home Sad

_________________
For certain you have to be lost to find the places that can't be found. Elseways, everyone would know where it was