[Chugalug] Running multi sites on one(non virt) machine

David White dwrudy at gmail.com
Mon Mar 17 13:55:24 UTC 2014


I'm digging up an old thread. Originally, I searched my Chugalug archives
for OSSEC, but this email thread (ironically) brings up the real reason I
was searching for OSSEC - figuring out a better way to secure my shared
webserver infrastructure.

Because right now, the single shared server I operate is anything but
secure other than a few scripts monitoring for file hash changes and having
password auth turned off, only relying on key-based auth, and blocking IP
addresses that repeatedly try to brute force the machine (I also manage
dedicated servers which is obviously much more preferable, security-wise).

I really need a way to separate permissions and visibility from 1 user's
directory to another's (user X shouldn't be able to see user Y's stuff when
they login via sFTP). Even though I have my users' stuff separated in
different directories, any user, if they wanted to and knew how, could
navigate *up* the directory tree and then over into another user's folder.

Permissions are set so that they can't actually edit the files, but reading
the files is bad enough... This has always been in the back of my mind as
an issue I need to deal with - and I hate cPanel, and refuse to use it.

I'll take a look at the Webmin idea, as well as Apache vhosts... I think I
remember looking into that a year or two ago, and not getting anywhere with
it. I'll try another attempt.



On Mon, Jun 24, 2013 at 10:50 AM, Matt Keys <mk6032 at yahoo.com> wrote:

>  Thanks for the tip on etckeeper! Tripwire / OSSEC hash files and tell
> you if the hash has changed but they don't give you the actual change. This
> should work much better!
>
> Regards,
> Matt
>
>
> On 06/23/2013 02:52 PM, Jason Brown wrote:
>
> I like the way virtualmin <http://www.virtualmin.com/> (A webmin addon)
> handles this, even if I don't always use the software.  You can use it for
> configuration, then shut it down when not needed if its overhead is in the
> way.
>
> In short, each website / apache virtual host gets its own user, unless it
> is a sub-server under an existing user. It's a good data segmentation
> model.
>
> For web site setup operations it is also a useful learning tool, change an
> option and see what it did in the configuration file(s). etckeeper + git is
> your friend here.
>
> --Jason
>
>
>


-- 
David White
Founder & CEO

*Develop CENTS *
Computing, Equipping, Networking, Training & Supporting
Nonprofit Organizations Worldwide
http://developcents.com
423-693-4234
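
The exposure described in the message above (one account reading another's files by walking up and across the directory tree) can be audited from mode bits alone. This is an added example, not part of the original thread; the directory layout and the names `audit_sites` and `demo` are hypothetical, and it assumes plain POSIX mode bits with no ACLs in use.

```python
import os
import stat
import tempfile


def audit_sites(base):
    """Report, per site directory under base, what the 'other' class can reach."""
    report = {}
    for name in sorted(os.listdir(base)):
        top = os.path.join(base, name)
        mode = os.lstat(top).st_mode
        if not stat.S_ISDIR(mode):
            continue
        entry = {"traversable": bool(mode & stat.S_IXOTH), "readable_files": []}
        report[name] = entry
        # Without o+x on the top directory nothing beneath it can be opened
        # by other accounts, whatever the modes of the files inside.
        if not entry["traversable"]:
            continue
        for root, dirs, files in os.walk(top):
            # Skip subdirectories that 'other' cannot enter.
            dirs[:] = [d for d in dirs
                       if os.lstat(os.path.join(root, d)).st_mode & stat.S_IXOTH]
            for fname in files:
                path = os.path.join(root, fname)
                fmode = os.lstat(path).st_mode
                if stat.S_ISREG(fmode) and fmode & stat.S_IROTH:
                    entry["readable_files"].append(os.path.relpath(path, base))
    return report


def demo():
    """Build a constructed two-site tree and audit it."""
    with tempfile.TemporaryDirectory() as base:
        for site, dir_mode in (("site_x", 0o755), ("site_y", 0o750)):
            top = os.path.join(base, site)
            os.mkdir(top)
            cfg = os.path.join(top, "config.php")
            with open(cfg, "w") as fh:
                fh.write("<?php // constructed sample\n")
            os.chmod(cfg, 0o644)
            os.chmod(top, dir_mode)
        return audit_sites(base)


if __name__ == "__main__":
    for site, result in demo().items():
        print(site, result)
```

In the constructed tree, site_x (mode 755) exposes its config file to every local account, while site_y (mode 750) does not, even though the file inside it is also mode 644.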