Knowledgebase

Portal Home > Knowledgebase > Articles Database > looking tips for securing phusion passenger + nginx + mysql


looking tips for securing phusion passenger + nginx + mysql




Posted by samturion, 02-01-2013, 06:40 AM
Looking tips for securing phusion passenger(3.0.19) + nginx + mysql setup for ruby on rails application Currently i am using ubuntu server 12.04 lts (64 bit) and hardening tools like 1) csf 2) fail2ban 3) mysql secure installation 4) new relic free server monitoring 5) CalmAV 6) chkrootkit 7) apparmor Is there any specific hardening tools or scripts or steps for securing ruby on rails application using phusion passenger , nginx, mysql. If i missed out anything please add it
Posted by Adam-AEC, 02-01-2013, 11:34 AM
Make sure you are running the _latest_ Rails version - which I believe is 3.2.11. There were some serious exploits out for prior versions that were remotely exploitable. Other than that, I would set mySQL to listen on a local port (or firewall 3306 on the external interface). You could remove server tokens being sent back in nginx headers, which may help eliminating the curiosity factor. If you are using the Devise gem, there is an important security update out for that as well.
Posted by samturion, 02-02-2013, 11:16 PM
Thanks Adam


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
is there a way to run putty in windows mobile 6.1? (Views: 479)
Switching resellers (Views: 483)
Help installing s3fs (Views: 504)
Resellers in Europe (Views: 545)
Reseller Recommendations (Views: 529)

Language: