[SOLVED] Recommendations needed - Arch + Apache for local development

iopo · 2009-10-26 07:43:20

Hello,

I'm a new Arch user, and relatively new with Linux. I'm getting to like Arch very much.

I do web development, and I do most of my programming in PERL.
I have already installed perl and some tools, and I'm about to install apache. The Idea is to have the apache server just for local development and testing.

So the question is: Do you recommend me to install some firewall?
What security measurements should I take?

Is there any easy way to enable and disable Internet access to the apache server?

Thank you!

Last edited by iopo (2009-10-28 19:24:14)

Ashren · 2009-10-26 08:33:04

What I would do would be to set up a Virtualbox LAMP(P) server with bridged network enabled. Then you can experiement all you want and just pause or close the vbox machine when you don't want it to have internet connection.

About the firewall bit someone else might have some suggestions.

stryder · 2009-10-26 09:32:58

If your internet is via a router you are probably behind a firewall. I also have a local network and I set the server to listen at the local address so only my local machines can access the site.

iopo · 2009-10-27 06:12:15

Thank you friends.

Yes, my Internet is via router. I like the Idea to set the server to listen at local address, I will try that.

Now, as I'm new to Linux and Arch, I will like to know if I should take any extra security measurements. In windows I used anti-virus + firewall all the time, and I blocked apache to access the Internet with the firewall.

I have set a strong root password, but the "normal user" has sudo. Is that secure enough?
Is there any "must have" security tools or measurements to set is a box like mine (Desktop usage + local network (3 machines) + apache for local usage and testing only)?

Is it common to get some malware, worm, trojan, spyware or some kind of phishing just by surfing the web without user "action" to install it?
I know Linux is much safer because users and permissions. I like that very much, It feels a lot safer.

Now, I have used Arch for a week or so with no firewall (router firewall is disabled also) and no anti-virus. Absolutely no special security measurements and there seems to be no log-in attempts in logfiles .. and no problems at all. Windows without firewall and anti-virus will die in a few hours just by leaving it connected to Internet....

I just wanted to ask you all (Arch users) if you normally use Firewall, and if you take some special measurement to stay free of trojans, spyware, etc...

I will appreciate your comments.
Thank you!

Ashren · 2009-10-27 08:26:44

Why have you disabled your router firewall? Just curious.

I use no firewall except hosts.allow hosts.deny and my router firewall. Most ports are closed. I have never experienced any kind of break-in attempts.

Here is some reading that might interest you: http://wiki.archlinux.org/index.php/Firewall / http://wiki.archlinux.org/index.php/Sim … wall_HOWTO

Last edited by Ashren (2009-10-27 08:27:27)

iopo · 2009-10-27 08:58:05

I have disabled the router firewall long time ago because it caused some performance decrease with torrent downloads, and there was some thing else that I don't remember right now. I did port forwarding and everything, it worked, but works better without firewall. And I had the software firewall on the machines so...

And now, It's fun to have it open just to test Arch

I use to travel and work, if every thing goes ok with the PC I plan to install Arch on my laptop. With the laptop I get connected with all kind of Internet connections ... so I want to test with the PC first.

I have already read about iptables, sound good, but seems to be complicated, but that's maybe because I haven't tried it... Is there any statistic about what percentage of Arch users uses iptables or other firewall? I'm wondering how necessary could it be.

Thanks.

stryder · 2009-10-27 16:38:07

An outsider from the internet cannot intrude into your system unless some program allows him in. Arch is good because you are building the system and so you know the programs you are using. Also consolidating the control of these programs into one config file - rc.conf - makes it easy to keep track. If you don't run these services, there is no vulnerability. Also often you can configure the services to listen to the local network, or respond to only local requests. Hosts.allow and hosts.deny can further restrict those who can interact with your system. You can further restrict which users can have password access. In other words, maintain a secure system and understand and minimise your vulnerabilities. The firewall needs to be seen in this context. Services that you might be using are SSH, file sharing like samba or nfs, and httpd, the web server.

For me I do have a firewall - shorewall - which basically uses iptables. My web server listens locally and I only turn it on when I need it - it is off by default. SSH also listens locally and root login is not permitted. Samba allows only specific IPs and has only 1 user. Hosts.allow only allows specific IP addresses.

iopo · 2009-10-28 05:19:27

Great answer. Thank you stryder!
That's exactly the kind of comment I was looking for. Now I have a better understanding to start working and learning.

Thank you all.

stryder · 2009-10-28 12:41:39

Glad to help. Would be a good idea to add [solved] to the thread title (edit first post). That's how they like things done here.

Arch Linux

#1 2009-10-26 07:43:20

[SOLVED] Recommendations needed - Arch + Apache for local development

#2 2009-10-26 08:33:04

Re: [SOLVED] Recommendations needed - Arch + Apache for local development

#3 2009-10-26 09:32:58

Re: [SOLVED] Recommendations needed - Arch + Apache for local development

#4 2009-10-27 06:12:15

Re: [SOLVED] Recommendations needed - Arch + Apache for local development

#5 2009-10-27 08:26:44

Re: [SOLVED] Recommendations needed - Arch + Apache for local development

#6 2009-10-27 08:58:05

Re: [SOLVED] Recommendations needed - Arch + Apache for local development

#7 2009-10-27 16:38:07

Re: [SOLVED] Recommendations needed - Arch + Apache for local development

#8 2009-10-28 05:19:27

Re: [SOLVED] Recommendations needed - Arch + Apache for local development

#9 2009-10-28 12:41:39

Re: [SOLVED] Recommendations needed - Arch + Apache for local development

Board footer