Hi,
i m working on finding best-practices in webserver-security (for my servers).
as this is an in-dev-process, i would really appreciate some criticisms, hints, ...
sample-server:
grsecurity (hard) patched server with active least-priv-policy (RBAC)
apache with mod_rails (one user per webapp)
logs external on a server with splunk
brJ