Message from discussion Security and Ongoing Maintenance
Date: Sun, 4 Mar 2012 05:20:42 -0800 (PST)
Subject: Re: Security and Ongoing Maintenance
From: andsens <ands...@gmail.com>
To: ec2debian <email@example.com>
I mean apt-get update && apt-get upgrade of course. The former will
only update the list of available updates.
On Mar 4, 3:06 am, andsens <ands...@gmail.com> wrote:
> Honestly: apt-get update. That's all. If you configure your Apache
> configuration fairly restrictively and it is the only open port in your
> firewall (plus ssh & ftp), you shouldn't have any problems.
> That is, if you are not running some kind of custom installed CMS that
> needs updating.
> I would recommend that you let your users access the website via sftp
> though, and not ftp. It's one less dependency to worry about.
> You should chroot them and give them a private key for login, then
> disable password login to ssh entirely.
> On Mar 2, 3:16 pm, Ammianus <brian.las...@gmail.com> wrote:
> > Hi all, I am using debian-6.0-squeeze-base-x86_64-20110417
> > (ami-80e915e9) for some months for my own small projects. After
> > initially setting up a few web sites running in Apache, I haven't
> > really touched anything in terms of configuration for some time.
> > I recently set up a new website in Apache, and installed vsftp to
> > allow my user to upload files directly to their site's folder.
> > Just brought to mind the fact that I haven't actively logged in to the
> > machine in months, nor run any kind of updates for the OS, or
> > software.
> > What should I be doing for keeping up to date with security fixes,
> > especially for Apache / Debian?
> > Looking through the Apache access logs I see the random requests from
> > strange IP#s with no browser details. I am worried about someone
> > trying to compromise my system as I don't generally monitor it every
> > day.
> > Are there general ways I can keep it relatively secure, but still
> > functional so I can upload files to the sites I am hosting?
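
The SFTP advice in the reply above (chroot the upload users, key-only login, password login disabled), as an added example that is not part of the original thread: a shell check that an sshd_config file really contains those settings. The group name `sftponly`, the path `/srv/www/%u` and both sample configs are constructed assumptions.

```shell
#!/bin/sh
# Added example: checks an sshd_config for the setup recommended in the thread.
# The group "sftponly" and the path /srv/www/%u are assumptions, not from the thread.

# First value of a global keyword (sshd keeps the first one; globals end at the first Match).
global_value() {  # $1 = file, $2 = keyword
    awk -v k="$2" 'tolower($1) == "match" { exit }
                   tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# True if one Match block sets both a ChrootDirectory and ForceCommand internal-sftp.
has_chrooted_sftp_block() {  # $1 = file
    awk 'tolower($1) == "match" { inblock = 1; chroot = 0; force = 0; next }
         inblock && tolower($1) == "chrootdirectory" && tolower($2) != "none" { chroot = 1 }
         inblock && tolower($1) == "forcecommand" && $2 == "internal-sftp" { force = 1 }
         chroot && force { ok = 1 }
         END { exit !ok }' "$1"
}

# Prints one line per finding and returns the number of findings.
audit_sshd_config() {  # $1 = file
    fails=0
    [ "$(global_value "$1" PasswordAuthentication)" = "no" ] ||
        { echo "FAIL: PasswordAuthentication is not 'no' (it defaults to yes)"; fails=$((fails + 1)); }
    [ "$(global_value "$1" PubkeyAuthentication)" != "no" ] ||
        { echo "FAIL: PubkeyAuthentication is disabled"; fails=$((fails + 1)); }
    has_chrooted_sftp_block "$1" ||
        { echo "FAIL: no Match block with ChrootDirectory + ForceCommand internal-sftp"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample configs (not taken from any real host).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
weak="$tmp/weak" hardened="$tmp/hardened"
printf '%s\n' '#PasswordAuthentication yes' 'Subsystem sftp /usr/lib/openssh/sftp-server' > "$weak"
cat > "$hardened" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /srv/www/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
EOF

audit_sshd_config "$weak" || echo "weak: $? finding(s)"
audit_sshd_config "$hardened" && echo "hardened: OK"
```

The check reads only the file it is given; sshd additionally requires every component of the ChrootDirectory path to be owned by root and not writable by group or others, which this script does not verify.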