Sonntag, 3. April 2011

Incident Response with Server- and Config-Management

Hi,
i m working on finding best-practices in webserver-security (for my servers).
as this is an in-dev-process, i would really appreciate some criticisms, hints, ...

sample-server:
grsecurity (hard) patched server with active least-priv-policy (RBAC)
apache with mod_rails (one user per webapp)
logs external on a server with splunk

brJ

7 Kommentare: