# Server firewall rules questions, ipv4, general sec

## faemin

...Last edited by faemin on Sun Dec 02, 2012 9:43 pm; edited 2 times in total

----------

## phajdan.jr

 *faemin wrote:*   

> There are numerous web applications. These are my highest security concern. We have wsgi and also php, and now another python server. I can't seem to get the wsgi app to run as another user--it seems that is only possible when apache is running as root?!

 

Oh, man, these can get really bad. Try to isolate them as much as possible, from each other and from the underlying system. To change uids you need root privileges. As long as they are dropped before processing untrusted data, it's OK (note: I'm not an expert on the particular example of Apache; this is just a general idea).

 *faemin wrote:*   

> Finally, I will likely begin to have untrusted users having shell access.

 

Seriously consider grsecurity then (part of hardened-sources), including things like Trusted Path Execution and other hardening features there like PaX.

 *faemin wrote:*   

> PPS What is the best console-based log analyzer? I am using logcheck, and it never detects anything!

 

A login failure should appear in logcheck. Unless it's perfectly tuned for your system and unusual things never happen on your server, you should see some messages. I happen to be maintaining logcheck in Gentoo. Have you followed the logcheck guide at http://www.gentoo.org/doc/en/logcheck.xml?

----------
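An added example, not part of the thread and not Apache or mod_wsgi code, of the general idea in the reply above: a process started as root gives up root permanently before it touches untrusted data, and checks that root cannot be regained. The names `drop_privileges`, `PrivilegeDropError`, `handle_untrusted` and the `osapi` parameter are hypothetical, and uid/gid 65534 is an assumed unprivileged account.

```python
import os


class PrivilegeDropError(RuntimeError):
    """Raised when the process is not provably unprivileged afterwards."""


def drop_privileges(uid, gid, osapi=os):
    """Permanently switch a root process to an unprivileged uid/gid.

    osapi is a hypothetical hook so the call order can be checked without root.
    """
    if uid == 0 or gid == 0:
        raise ValueError("target uid/gid must be unprivileged")
    if osapi.geteuid() != 0:
        raise PrivilegeDropError("changing uids requires root")
    osapi.setgroups([])   # clear supplementary groups while still root
    osapi.setgid(gid)     # group before user: after setuid() this would fail
    osapi.setuid(uid)     # as root this sets real, effective and saved uid
    try:
        osapi.setuid(0)   # must fail now; success means the drop is reversible
    except OSError:
        pass
    else:
        raise PrivilegeDropError("root could be regained after the drop")
    if ((osapi.getuid(), osapi.geteuid()) != (uid, uid)
            or (osapi.getgid(), osapi.getegid()) != (gid, gid)):
        raise PrivilegeDropError("unexpected ids after the drop")


def handle_untrusted(data):
    # Stand-in for the web application code that parses client input.
    return "handled %d bytes as uid %d" % (len(data), os.getuid())


if __name__ == "__main__":
    request = b"GET / HTTP/1.0\r\n\r\n"   # constructed sample input
    if os.geteuid() != 0:
        print("not root: start as root to see the drop")
    else:
        pid = os.fork()                   # keep the demo's parent untouched
        if pid == 0:
            drop_privileges(65534, 65534)  # assumed ids, often 'nobody'
            print(handle_untrusted(request))
            os._exit(0)
        os.waitpid(pid, 0)
```
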

