Sometimes I get on this blog and I forget I can write about almost any subject. There isn't just one thing in my life and there are plenty of interests that go around. Lately I have been working on malware analysis (e.g., reverse-engineering how computer viruses function and work to fix the damage they cause) and standing up what is termed as a Linux
Apache MySQL PHP (LAMP for short) server. These projects are fun to to (at least to me) and everytime I work on these little projects, makes for good, fun learning experiences. Today I have a couple things to write about the LAMP server creation. Here is a text-screenshot of the webserver just after install:
For folks that never worked on building their own webserver, it does take some work but in the end you will stand to learn that a well planned setup that you build yourself can leave you with a rewarding experience. Personally I used to be completely happy with just simply installing packages or taking a 'ready made' setup and makeing one or two tweeks. But what I have found is that you may end up with little extra things that lurk below your normal attention but are still there that may either be simply undesirable or may even represent vulnerabilities that are just waiting to be exploited. It can really blow up on you if you happen to be unaware of it.
So I decided to take a basic
Red Hat Linux version and install just the base components onto an old Dell Inspiron laptop I had laying around and load in all the nessesary pieces (ie. the Apache Webserver, the MySQL database) and setup a basic firewall to help protect it. As an extra challenge, I decided whenever possible, to compile as much as possible from source
code. So far I got as far as setting up the firewall and defining rules, and getting Apache 1.3.41 with SSL support compiled and running.
Before I go on, I am going to subject it to a vulnerability assessment to see what aspects of it are open and in need of attention before further progress. This way I can see its attributes (both negative and positive of course) just as it is fresh 'out-of-the-box'.
I will write in later when the tests are done and I get MySQL installed (ah...a day without a SQL query is like a day without solar fusion.)