These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX03/Harden Apache


Your company, Oddyssey Inc., just had its web server compromised. It is your task to build a new web server with security as the most important consideration.

If you haven't already, create the following groups on your machine:

  • pr, sales, business, admin, hr

You will need the following web-spaces:

  • Root web-site (for company information). Only administrators and PR people should have write access to this directory. It would be advisable to move it to /home/services/www/root to make it harder for a cracker to find.
  • Office web-sites for Business, Sales and Human Resources. These would be best located in /home/services/www/business, /home/services/www/sales and /home/services/www/hr. Be sure each directory has the proper ownership (its office's group).
  • CGI-BIN for the Business office. This is where the server-side scripts for various business office tasks (payroll, accounting, etc.) will live. Be sure to limit access to members of your local domain so that outsiders cannot reach these scripts. It would be advisable to place this in /home/services/cgi/business.
  • CGI-BIN for everything else. This is where new CGIs will be installed for use site-wide. Only administrators should have write access here. Place it in /home/services/cgi/sitewide.

Using the techniques discussed previously, set up Apache to run as securely as possible. At a minimum, consider the following:

  • Which directories should allow SSIs? Which ones should allow SSIs that execute programs (#exec)?
  • Where should CGIs be installed?
  • What directives do we need to lock down Apache?
  • How about trying to combat DoS attacks?
  • Are there any pages that need special consideration and should filter requests by User-Agent? (See this [list of bad bots] and figure out what you need.)
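As an added illustration (not part of the original classnotes), here is a minimal httpd.conf fragment in Apache 1.3/2.x syntax that addresses each point above for the directory layout given earlier. The www account, the oddyssey.example domain, the 10.0.0.0/8 network and the BADBOT_PLACEHOLDER pattern are assumptions to be replaced with your own values.

```apache
# Run the daemon as an unprivileged account (account names are assumed)
User www
Group www
ServerTokens Prod
ServerSignature Off
# Deny everything by default; later blocks open only what is needed
<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>
# Placeholder pattern: replace with entries taken from the bad-bot list
SetEnvIfNoCase User-Agent "BADBOT_PLACEHOLDER" bad_bot
# Root site: no SSIs, no CGI, no directory listings; bad bots are refused
DocumentRoot /home/services/www/root
<Directory /home/services/www/root>
    Options None
    Order allow,deny
    Allow from all
    Deny from env=bad_bot
</Directory>
# Office sites (repeat for sales and hr): SSIs allowed, but #exec disabled
<Directory /home/services/www/business>
    Options IncludesNOEXEC
    Order allow,deny
    Allow from all
</Directory>
# Business CGIs: reachable only from the local domain (placeholder values)
ScriptAlias /cgi-bin/business/ /home/services/cgi/business/
<Directory /home/services/cgi/business>
    Options None
    Order deny,allow
    Deny from all
    Allow from oddyssey.example 10.0.0.0/8
</Directory>
# Site-wide CGIs; the more specific ScriptAlias above must be listed first
ScriptAlias /cgi-bin/ /home/services/cgi/sitewide/
<Directory /home/services/cgi/sitewide>
    Options None
    Order allow,deny
    Allow from all
</Directory>
# Blunt the cheap DoS vectors: slow clients and oversized request bodies
Timeout 60
KeepAliveTimeout 5
LimitRequestBody 1048576
```

Matching on a domain name in Allow requires reverse DNS to resolve for the client address, so a network range is the more reliable test on an internal network.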


Last edited June 14, 2003 2:36 am (diff)
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.