-1

I'm wanting to setup a web hosting service similar to Dreamhost which allows SSH. I'm wanting to know how I can go about letting users connect via SSH but prevent any type of malicious activity. What methods should I go about in securing my Debian server against users who don't like to obey the rules, or don't wish to have restrictions (accessing root). Also how would I make sure some processes aren't running too long (x seconds then it will shut down the process).

I'm also wanting to host with Apache but I've had a few enemies not enjoy my presense on the internet and attack my server using apache exploits. What patches, modules or other secruity additions should I implement to prevent my apache server from taking my server down? I understand that without a hardware firewall, there are other requests that can take down my server, but I'm looking for things that can be done from a VPS on my end.

Finally, how do I allow users to host scripts that write in their home dirs so they can perform file read and write? I have managed to get the directories to have domain www dirs, but users face issues with writing.

Thanks!

dab
  • 149
  • 7
  • You would probably get more productive answers if you asked each of your questions in a separate question. – Wesley Sep 21 '11 at 03:22

1 Answers1

0

You need chroot to limit ssh users to their home directories. If you will kill any long-time running process, you will periodicaly kill user shells :) Use RCPULimit for cgi scripts, and max_execution_time in php.ini for PHP. For securing apache see this tips. If you think this is insufficient, use SELinux.

Selivanov Pavel
  • 2,206
  • 3
  • 26
  • 48
  • What if they wanted to install things like ffmpeg or if they decided to compile another binary, I don't want it executing for too long. Also, users can override `max_execution_time` :( Thanks for the help thus far though. I'll look into chroot more and I'll spend a long while reading the apache tips page! – dab Sep 20 '11 at 23:22
  • OK, I'm your user. I had run [screen](http://www.gnu.org/s/screen/) with several shells: mc, text editor with unsaved file, ... I return on next day and see that all is broken! I want to compile some software with large sources, but compilation dyes every time! I become angry and leave your hosting. If you need to limit CPU time for all user's processes, use something like [cgroups](http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Resource_Management_Guide/ch01.html). With PHP safemode enabled settings such as script timeouts cannot be overridden. – Selivanov Pavel Sep 21 '11 at 00:06
  • And if you want to allow users to do various things on server, not related to hosting web applications, like compiling/installing software, you better should suggest them VPS hosting. – Selivanov Pavel Sep 21 '11 at 00:06