Securing a Linux-based Multi-User Web Server

M. Prandini (Italy)

Keywords

web server security, mandatory access control, SELinux, Apache, PHP

Abstract

A commonplace solution for putting a web site on-line at a reasonable cost is hosting, that is placing it on a shared server, together with other sites. Hosting providers face significant security problems, both in terms of avoiding misuse of their servers by “guests”, and in terms of providing effective isolation between them; the Discretionary Access Control model implemented by traditional operating systems can fail to provide adequate solutions to these problems. This work describes a system based on the integration of the widely adopted Apache/PHP platform with the powerful Mandatory Access Control features offered by the Security-Enhanced Linux project. The resulting solution combines a sound approach to the most common security problems with a very tolerable impact on system administration complexity.

Important Links:



Go Back