Linux Security Web And Vulnerability

Here the author wanted to give a simple tutorial how to install XAMPP (Web Server and DB), until the basic security safeguards to protect the real machine.

First you install the program for the Virtual OS, here the authors use a virtual box, after you install then create a new virtual machine, for example name mandriva, having made the necessary configuration for your network configuration made in bridge mode, after configuration is complete then Mandriva OS you install, after install and configuration tailored to the needs in Mandriva, after that, for the Web Server and DB server, you can download XAMPP or copy of an existing real machine.

Here it is assumed you have copied the file xampp-linux-mandriva xxxtar.gz to you, here the author uses the old XAMPP, which you can download the new official website.

[Admin @ localhost ~] $ su
Password:
[Root @ localhost admin] # ls
Desktop / Documents / Download / Music / Pictures / tmp / Videos /
[Root @ localhost admin] # cd Download
[Root @ localhost Download] # ls
xampp-linux-1.6.7.tar.gz *
[Root @ localhost Download] # tar xvzf xampp-linux-1.6.7.tar.gz-C / opt

After completion

[Root @ localhost Download] # cd / opt
[Root @ localhost opt] # ls
lampp /
[Root @ localhost opt] # cd lampp
[Root @ localhost lampp] # ls
backup / error / icons / libexec / modules / RELEASENOTES tmp /
bin / etc / lampp * licenses / phpmyadmin / sbin / var /
cgi-bin / htdocs / lib / logs / phpsqliteadmin / share /
[Root @ localhost lampp] #. / Lampp start
Starting XAMPP for Linux 1.6.7 ...
XAMPP: Starting Apache with SSL (and PHP5) ...
XAMPP: Starting MySQL ...
XAMPP: Starting ProFTPD ...
XAMPP for Linux started.
[Root @ localhost lampp] #

After that you go into the firewall mandriva you provide access to the web server that can be opened by the computer outside.

[Root @ localhost phpmyadmin] # cd ..
[Root @ localhost lampp] # cd phpmyadmin
[Root @ localhost phpmyadmin] # vi config.inc.ph


You change the input for the auth type from config to http, as above would result.

Description to vi
x to remove
Insert to edit, once completed press Esc
: W to save
: Q to quit

After that, do not forget to change the password, how http://localhost/phpmyadmin, enter the username root, password does not need to be filled and then click ok, go into and then do the edit privileges on the user root, find the change password, enter the password, then click Go.

For the configuration in PHP.INI, check in http://localhost and select English alone, then look for phpinfo () and then check the Loaded Configuration File in the directory where it exists.

To the authors installed in / opt / lampp / etc / php.ini then

[Root @ localhost lampp] # cd etc
[Root @ localhost etc] # vi php.ini



Configuration settings as needed, eg to avoid the LFI and RFI attacks the security of the Web server configuration on PHP.INI: allow_url_include = off, allow_url_fopen = off, magic_quotes_gpc = on but even so you also must look at its web application requires features or not, if yes then continue to use but you secure from the side scripting in PHP so that the configuration in addition to seeing from the side also needs attention to the security side.

After the installation is complete, here the authors assume your internet connection is Speedy and the local IP address in a virtual machine with OS mandriva is 192.168.1.12 then you are simply setting in your ADSL modem router as follows:

On the router TP-LINK modem to go into the Advanced Setup and select NAT and then click Virtual Server.



After that the display appears as below, rule index 1 means to rule number 1, below what is used for application to a web server is the only web content writer, author select all protocols, the start port number 80 and in ahkir 80, Local IP Address can be filled according to the local IP in the virtual machine that will be directed



By performing IP and Port Forwarding as above then the current public IP to port 80 on the call then the router will immediately direct the local IP with port 80 to the virtual machine. For things that are maintenance such as remote desktop and such can you give to a real machine, so if for instance on a virtual machine in trouble then you can still manage virtual machines remotely more easily and quickly.

If you are using a Speedy with a dynamic public IP then you can use the service free sub domain, for example http://www.no-ip.com, with a sub domain would then automatically adjusts the sub domain with your IP publk speedy change-change the This makes it easier for people outside you also open up your web server.