by Akash Mahajan (@makash) on Wednesday, 9 May 2012

Vote on this proposal
Status: Confirmed

Session type

Technical level



Learn the basic approaches to securing linux based web servers without getting too technical. This talk will be useful for anyone running a linux server with full root access.

You don't need to be an experienced system administrator to understand and use the content of this talk. But if you are a full time system admin you will get to know a structured way of looking at server security.

The following types of servers running Linux Virtual Private Server/Dedicated Server/Rackspace Cloud Instance/Amazon EC2

Not going to help if you have your website on Shared servers like Dreamhost/Go Daddy/Host Gator


You will learn the holistic way of securing a linux server which can serve web sites. The 80/20 rule about hardening your linux web server with minimal effort.

In Brief This is what we will cover

  • Reducing the attack surface.
  • Patching and Updates
  • Securing Secure Shell Access
  • Securing Apache
  • Securing MySQL
  • Logging and Monitoring
  • Setting up a basic firewall

Not going to be covered ( Mostly because of lack of time and ROI )

  • Securing Email Servers
  • Setting up VPNs
  • Protecting Against Denial of Service Attacks
  • Setting up SELinux, GRSec, Custom Kernels
  • Chroot Jails
  • DNS Server

Not Going to Discuss

  • Why Ubuntu and why not <INSERT FAV. DISTRO>
  • Why Not BSD
  • Why Apache and why not <INSERT FAV. WEB SERVER>



An open mind, a sense of humour.

Good To Have

  • Bring a laptop running Ubuntu Server 10.04 LTS if you want to try out things.
  • Refresh your understanding of the TCP/IP Stack
  • Get a notebook to take notes
  • You should have some idea what the following words mean SSH, Apache, Web Server, Database Server, MySQL, BASH, Command Line

Speaker bio

I freelance as a Web Security Consultant. I help companies become secure by helping them understand approaches to security for servers, web applications, user data and sometimes their network.

Among other things I am the co-founder+Community Manager for "null - The Open Security Community" and OWASP Bangalore


  • 1
    [-] Akash Mahajan (@makash) Proposer 5 years ago (edited 5 years ago)

    Please download the checklist directly from my server ("")

Login with Twitter or Google to leave a comment