Securing an SVN only server
Everything’s running off of self-secured https. Aside from setting up user authentication, what steps should I take to be sure we’re secured?
- Audit your OS patches, make sure you are running the latest security fixes
- Shut down unneeded services, perform an external nmap scan to make sure you aren't running anything you don't need
- Secure your webserver! Here is one such article for Apache: http://blogs.techrepublic.com.com/10things/?p=477
- Use LDAP or another external authentication mechanism (over SSL)
- Enforce password strength and rotation policies
- (if appropriate) set up path-level access
Subversion as a daemon is rather trusting itself and hands most of the fine-grained user-permissions back into the realm of Apache. Can you tell us more about your exact scenario? Are you offering this Subversion server to public use?
When you say "self-secured" https, you mean a self-signed certificate? If so, look at how you are distributing either that certificate or the CA and ensure that that path is secure in itself.
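For the path-level access item in the answers above, a small audit of a Subversion authz file (the file Apache's `AuthzSVNAccessFile` directive points at), added here as an example and not part of the original answers. The sample file, its repository name, users and groups are constructed; the function name `audit_authz` is hypothetical.

```python
import configparser

# Constructed sample authz file for illustration; all names are hypothetical.
SAMPLE_AUTHZ = """\
[groups]
devs = alice, bob

[/]
* = r

[project:/trunk]
@devs = rw
@ops = r

[project:/secrets]
* = rw
alice = rw
"""

def audit_authz(text):
    """Return sorted (section, subject, issue) tuples for risky authz rules."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # user and group names are case-sensitive
    cp.read_string(text)
    groups = set(cp["groups"]) if cp.has_section("groups") else set()
    findings = []
    for section in cp.sections():
        if section in ("groups", "aliases"):
            continue  # definitions, not path rules
        for subject, access in cp.items(section):
            access = access.strip()
            # "*" matches all users, so any grant on it applies to everyone.
            if subject == "*" and "w" in access:
                findings.append((section, subject, "write open to everyone"))
            elif subject == "*" and "r" in access:
                findings.append((section, subject, "read open to everyone"))
            elif subject.startswith("@") and subject[1:] not in groups:
                findings.append((section, subject, "undefined group"))
    return sorted(findings)

if __name__ == "__main__":
    for section, subject, issue in audit_authz(SAMPLE_AUTHZ):
        print(f"[{section}] {subject}: {issue}")
```

An empty grant such as `* =` on a path denies access to everyone not named by a more specific rule, so it produces no finding.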