20.7 Avoiding Security Problems
A Web server exposed to the public Internet requires an ongoing administrative effort.
It is inevitable that security issues appear, both related to the software and to accidental
misconfiguration. Here are some tips for how to deal with them.
20.7.1 Up-to-Date Software
If there are vulnerabilities found in the Apache software, a security advisory will be
issued by SUSE. It contains instructions for fixing the vulnerabilities, which in turn
should be applied as soon as possible. The SUSE security announcements are available
from the following locations:
• Web Page: http://www.novell.com/linux/security/securitysupport.html
• Mailing List Archive: http://lists.opensuse.org/opensuse-security-announce/
• RSS Feed: http://www.novell.com/linux/security/suse_security.xml
20.7.2 DocumentRoot Permissions
By default in openSUSE, the DocumentRoot directory /srv/www/htdocs and
the CGI directory /srv/www/cgi-bin belong to the user and group root. You
should not change these permissions. If the directories are writable for all, any user can
place files into them. These files might then be executed by Apache with the permissions
of wwwrun, which may give the user unintended access to file system resources. Use
subdirectories of /srv/www to place the DocumentRoot and CGI directories for
your virtual hosts and make sure that directories and files belong to user and group
root.
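
The following is an added example, not part of the original openSUSE documentation: a small audit that reports entries under a web tree that are world-writable or not owned by root:root, the two conditions this section warns about. The function names and the optional owner/group arguments are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a web tree for the conditions described in 20.7.2.
# Function names and the owner/group parameters are illustrative assumptions;
# they default to root:root, as the text requires.

# Print every file or directory under $1 that is world-writable.
# Symlinks are skipped because their own mode bits carry no meaning.
find_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Print every entry under $1 not owned by user $2 and group $3.
find_wrong_owner() {
    find "$1" \( ! -user "${2:-root}" -o ! -group "${3:-root}" \) -print
}

# Report findings for tree $1; return 0 if clean, 1 otherwise.
audit_web_tree() {
    audit_dir=$1
    audit_owner=${2:-root}
    audit_group=${3:-root}
    audit_status=0

    audit_ww=$(find_world_writable "$audit_dir")
    audit_wo=$(find_wrong_owner "$audit_dir" "$audit_owner" "$audit_group")

    if [ -n "$audit_ww" ]; then
        printf 'World-writable (any local user can place files here):\n%s\n' "$audit_ww"
        audit_status=1
    fi
    if [ -n "$audit_wo" ]; then
        printf 'Not owned by %s:%s:\n%s\n' "$audit_owner" "$audit_group" "$audit_wo"
        audit_status=1
    fi
    return "$audit_status"
}

# Usage on a server: audit_web_tree /srv/www
```

Run as root, the audit can be scheduled to catch permission drift after deployments; a finding can be corrected with chown root:root and chmod o-w on the reported path.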