System Configuration

There are certain things you can do to your system to make it more efficient as a webserver and also to make it more secure and more resistant to attack if one of your user accounts is compromised. I will not discuss security in general, which is an important part of any setup, but only those measures that pertain to this setup.

Perhaps the greatest risk in this setup is that one of your user accounts will be compromised. We will try to make it so that the worst an attacker can do is temporarily deface the webpage controlled by the account that was compromised. One sort of attack that you want to prevent is filling the filesystem. Running out of room can cause programs to act strangely, and it can permanently damage files: if the filesystem fills up, a program that then tries to update a file may only get part of its write through, leaving the file truncated or inconsistent. The simplest way to prevent these sorts of attacks is to limit the amount of space a potential attacker is allowed to use, using disk partitions and quotas.

Disk Partitions

Set up separate partitions. Files cannot spill over from one partition to another, so it is a good idea to have /, /var, /home, /home/www and /tmp on different disk partitions. A user who fills /home or /tmp then cannot stop the system from writing to /var (logs, mail, spool) or to /. This will help isolate an attack on any particular area.

On ext2 partitions you can specify mount options like noexec and nodev, which prevent programs from being executed from the filesystem and device nodes from being used on it, respectively. (nodev does not stop a device node from being created; it makes the kernel refuse to interpret device nodes found on that filesystem, which is what matters.) If you are not deploying any CGI programs in your webpages then I highly recommend that you mount the partition noexec. You will not lose the ability to run server-processed languages like PHP, because the interpreter lives on another filesystem and only reads the page as data, but you will eliminate a whole realm of possible exploits on your system. Be clear about what noexec does not do: it stops direct execution of binaries and #! scripts stored on that filesystem, which is what most automated exploits rely on, but a user who can already run an interpreter from elsewhere (perl script.pl, sh script.sh) can still feed it code stored there. Also you should consider mounting /home nosuid, though for reasons I will get into later this is not possible for /home/www.

Any partition you would like to use quotas on will also need the usrquota and/or grpquota mount options. These are not acted on by the mount program itself, but the other programs involved in the quota process expect to find them in the mount table for filesystems using quotas.

Partitioning may have additional benefits as far as disk I/O is concerned: a heavily written filesystem (logs under /var, scratch files under /tmp) fragments within its own partition instead of interleaving its blocks with everything else, and if the partitions are on different physical disks their I/O can proceed in parallel. If all the partitions sit on one disk the gain is small, and it is no substitute for the isolation benefit above. If this machine is operating primarily as a webserver then this should not matter as much, but it shouldn't hurt anything as long as you size the partitions so that none of them runs short while the others have space to spare.

The setup I am using is this:

Table 1. Disk Partitions

Quotas

Set up quotas. These set limits on how much different users and groups can write. Again, this is not so much to impose restrictions on your users as it is to limit the damage an attacker can do to the system at large from a compromised account.

In order to use quotas on a particular filesystem it must have the usrquota and/or grpquota mount option. According to the mount(8) manpage these options are ignored for ext2 filesystems, but the quota management programs check for them in /etc/mtab and refuse to operate on a filesystem that does not list them.

Before quotas can be used on a particular filesystem the accounting files have to be created using:


          quotacheck -c /dev/hdc2
        

Where /dev/hdc2 is the filesystem you want quotas on. This will create a file aquota.user at the base of the filesystem (add -g to create aquota.group as well). Creating the accounting files does not enforce anything by itself; run quotaon /dev/hdc2 (or quotaon -a for every filesystem in /etc/fstab that carries the quota options) to switch enforcement on, and make sure the same happens at boot if your distribution's init scripts do not already do it. To then edit the quota information for particular users you use:


          edquota username
        

Quotas can control the amount of disk space a user can have or the number of inodes. Both properties have a soft and a hard limit. A user is refused further writes if they try to go over their hard limit, but they can exceed their soft limit. A grace period exists (edited with edquota -t) that allows them to stay over their soft limit for a certain number of days; once it expires the soft limit is enforced like a hard limit, so existing files are not removed but new writes are refused until usage drops below the soft limit. Users on this system will have very limited shell access, so setting the hard limit equal to the soft limit will prevent any confusion.
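Putting the partition and quota steps together, here is an added example script; it is not part of the original HOWTO. It rewrites a constructed /etc/fstab line for a given mount point to carry the hardening and quota mount options described above, then emits (or, as root with DRY_RUN=0, runs) the quotacheck, quotaon and setquota commands for one user with the hard limits equal to the soft limits. The device /dev/hdc2, the mount point /home, the user alice and the limit values are assumptions chosen for illustration, and setquota(8) is used in place of the interactive edquota so that the whole procedure can be scripted.

```shell
#!/bin/sh
# Added example, not from the original HOWTO.
# Assumptions (hypothetical): /dev/hdc2 is mounted on /home and "alice" is
# a hosting user. Privileged commands are only executed when DRY_RUN=0 and
# the script runs as root; by default they are echoed so the plan can be
# reviewed first.

DRY_RUN=${DRY_RUN:-1}

# Run a command, or just print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = 0 ]; then "$@"; else echo "$*"; fi
}

# Rewrite the fstab entry for one mount point so its option field carries
# the given list (for example noexec,nodev,nosuid,usrquota,grpquota).
# Reads fstab text on stdin; fields are: device mountpoint type opts dump pass.
# Exits 1 if the mount point is not present, so a typo cannot go unnoticed.
harden_fstab() {
    mnt=$1; opts=$2
    awk -v mnt="$mnt" -v opts="$opts" '
        $2 == mnt { $4 = opts; found = 1 }
        { print }
        END { if (!found) exit 1 }'
}

# Create the accounting file, turn enforcement on, and give one user
# block and inode limits with hard == soft (no grace period to explain).
# setquota(8) argument order: name bsoft bhard isoft ihard filesystem,
# with block limits counted in 1 KiB blocks.
enable_user_quota() {
    dev=$1; user=$2; blocks=$3; inodes=$4
    run quotacheck -cu "$dev"   # creates aquota.user at the root of $dev
    run quotaon -u "$dev"       # quotacheck alone enforces nothing
    run setquota -u "$user" "$blocks" "$blocks" "$inodes" "$inodes" "$dev"
}

# Demonstration on a constructed two-line fstab (the real file is /etc/fstab):
printf '/dev/hda1 / ext2 defaults 1 1\n/dev/hdc2 /home ext2 defaults 1 2\n' \
    | harden_fstab /home noexec,nodev,nosuid,usrquota,grpquota
enable_user_quota /dev/hdc2 alice 51200 5000
```

In dry-run mode the script prints the rewritten fstab and the three quota commands; inspect that output, then rerun with DRY_RUN=0 as root and redirect the fstab output to the real file once you are satisfied. Run the quotacheck step on a quiet filesystem (at boot before users log in, or with the partition remounted read-only), since it scans every file to rebuild the accounting data.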