Confining the Apache Web Server with Security-Enhanced Linux
June 2001
Michelle J. Gosselin, The MITRE Corporation
Jennifer Schommer, The MITRE Corporation
ABSTRACT
Restricting the access of a web server to system resources limits the potential damage caused to those resources through exploitation of web server vulnerabilities. However, allowing the web server to access the required resources enables the web server to provide expected functionality. This combination of denying unnecessary access and allowing required access results in providing web server functionality while limiting damage.
To demonstrate this, we hosted the Apache web server on Security-Enhanced Linux, an operating system that enforces a mandatory access control policy. By tailoring the Security-Enhanced Linux policy, we were able to control interaction between the Apache web server and other processes and files on the system. The policy dictates that Apache is only allowed to display web pages and perform limited functions that support the display of web pages.
» Download Paper [PDF, 57KB]
Additional Search Keywords
operating system security, web server security, access control policy, apache selinux
|
