Aug 18, 2011
tom

Securing an SVN only server

Question

Everything’s running off of self-secured https. Aside from setting up user authentication, what steps should I take to be sure we’re secured?

Answer

  • Audit your OS patches; make sure you are running the latest security fixes
  • Shut down unneeded services, and perform an external nmap scan to make sure you aren’t running anything you don’t need
  • Secure your webserver! Here is one such article for Apache: http://blogs.techrepublic.com.com/10things/?p=477
  • Use LDAP or another external authentication mechanism (over SSL)
  • Enforce password strength and rotation policies
  • (if appropriate) set up path-level access

Subversion as a daemon is rather trusting itself and hands most of the fine-grained user permissions back into the realm of Apache. Can you tell us more about your exact scenario? Are you offering this Subversion server for public use?

When you say “self-secured” https, do you mean a self-signed certificate? If so, look at how you are distributing either that certificate or the CA, and ensure that that path is secure in itself.
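
As an added example (not part of the original answer), a small Python check for the path-level access item: it reads a Subversion authz file in the format used by mod_authz_svn and lists rules that grant access to everyone rather than to named users or groups. The sample file, repository name and user names are constructed.

```python
import configparser

# Constructed sample in the path-based authz format read by mod_authz_svn
# (the file named by AuthzSVNAccessFile). All names here are made up.
SAMPLE_AUTHZ = """\
[groups]
devs = alice, bob

[/]
* = r

[project:/trunk]
@devs = rw
$authenticated = rw

[project:/secrets]
* =

[project:/tags]
* = rw
"""

# Principals that cover more than named users or groups.
BROAD = {
    "*": "everyone, including anonymous clients",
    "$anonymous": "unauthenticated clients",
    "$authenticated": "any user who can log in",
}

def audit_authz(text):
    """Return (section, principal, access, reason) for each broad grant."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # user and group names are case-sensitive
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if section in ("groups", "aliases"):
            continue  # definitions, not access rules
        for principal, access in cp.items(section):
            if principal not in BROAD or not access.strip():
                continue  # named principal, or an explicit deny ("* =")
            kind = "write" if "w" in access else "read"
            findings.append((section, principal, access,
                             f"{kind} access for {BROAD[principal]}"))
    return findings

if __name__ == "__main__":
    for section, principal, access, reason in audit_authz(SAMPLE_AUTHZ):
        print(f"[{section}] {principal} = {access}: {reason}")
```

Whether the `*` rules are reachable without a login depends on the Apache side (for example `Require valid-user`), so read the findings alongside the server configuration.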
