[olug] Web Server, MySQL and security

Christopher Cashell topher-olug at zyp.org
Wed Sep 1 19:23:25 UTC 2010


On Wed, Sep 1, 2010 at 2:11 PM, T. J. Brumfield <enderandrew at gmail.com> wrote:
> I've always gone through hosting companies, and I may be building a web
> server box. Is there a nice checklist of security concerns for someone
> building largely their first LAMP box?

Most of this is going to be basic security practices.  Remove or
disable services you don't need, enable iptables, limit access to
local hosts whenever possible, remove any default/demo web apps that
might get installed, etc.  There are lots of "Best Practices" guides
and documents available on this (heck, even the NSA has one:
http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml#linux2).

> Specifically for a low-bandwidth site, I'm pretty sure any server I throw at
> it will be overkill from a CPU and RAM perspective. I imagine disk I/O on
> all the SQL calls are going to be my only bottleneck, if I have one.
>
> Could I mount a partition directly into RAM to get fast SQL reads, but then
> replicate that data back to physical disc? Can I do that with the actual web
> site files as well?
>
> I know you can do that with commercial offerings like TimesTen, but I wasn't
> sure if I could do that with MySQL out-of-the-box.

You can get most of the benefits here fairly easily by taking
advantage of Linux.  First, figure out how big your database will be.
Then, pack as much RAM as you can afford/fit into your server.  By
default, Linux will utilize any unallocated memory as disk cache,
automatically speeding up your database reads.

Unless you know (through testing and benchmarking) that you have IO
needs beyond this, I would bother with anything else.

> -- T. J.

-- 
Christopher


