dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
825
share rss forum feed


Nordy

join:2007-10-20
kudos:1

Change MySQL, Apache and Php's default install locations in Ubuntu

How does on change the default installation locations for MySql, Apache, Php either when installing them, or after they've been installed on Ubuntu Server?

Someones a little uncomfortable leaving things in their default installation locations, and wanted them changed to to something like, say, xxxMySql/ and xxxServer/ and xxxPhp/

How can something like this be done?

It's easy to do on Windows, but not with Ubuntu Server.

Thanks



Clever_Proxy
Premium
join:2004-05-14
Villa Park, IL

Short answer, not easily. The package manager does a really nice job of handling the installation and removal of binaries, scripts and library files. Trying to move all of this yourself is like trying to install software on a windows computer without using an .exe file.

If I were to approach this, I would compile everything myself and then write my own scripts for things like init.d

The bigger question I have is, why? Are you doing this for security reasons?



Nordy

join:2007-10-20
kudos:1

Umm... Right. For security reasons.



stray

join:2000-01-16
Warren, NJ

2 recommendations

reply to Nordy

Changing folder names isn't very helpful. This will slow an attacker down by about 5 seconds.

Important things to do:

Change your SSH port to something random

Install fail2ban - this and the SSH port change will keep brute force attacks at bay

Turn off password authentication for SSH. Make it certificate only.

Allow SSH only from known IP addresses

Make absolutely positively sure your PHP code filters all SQL injection attacks

Close down all non-essential ports from external access with IPTables. Ideally you'd just keep SSH, HTTP, and HTTPS open. If you're running a mail server then you'd need to open POP, IMAP, and SMTP.

Make sure your mail server access is password protected

You could install ModEvasive to thwart DDOS attacks, but this is better done at your datacenter's peer interface. Find a host & datacenter that does this for you.

Harden PHP - »www.owasp.org/index.php/PHP_Secu···at_Sheet

Harden your network with sysctl - »www.cyberciti.biz/faq/linux-kern···rdening/

or....

»lmgtfy.com/?q=harden+ubuntu+server
--
V-Rtifacts - When Virtual Reality Was More Than Virtual


Nordy

join:2007-10-20
kudos:1

That's a lot of useful advice, stray. Thanks very much. I'm gonna do just this (in addition to a lot more). Lets see how long we last.



stray

join:2000-01-16
Warren, NJ
reply to Nordy

In general, as long as your site isn't "attractive", meaning you either handle a LOT of money/items-of-value, or the site engenders lots of haters, you won't be a major target. These basic protections will most likely discourage attackers to the point where they'll look elsewhere for softer targets.
--
V-Rtifacts - When Virtual Reality Was More Than Virtual