TurnKey Linux Virtual Appliance Library

LAMP Stack Appliance is secure??

3210nokia's picture

I use LAMP to develop a project among several people. The virtual machine would be available through the Internet. I used "Shadow Security scanner" to check the security and it has reported some vulnerabilities.

Is it safe to use LAMP? Or is it better to build a virtual machine from scratch, installing the latest versions of Apache, MySQL, etc.?

Sorry for my poor English

 

Jeremy Davis's picture

That surprises me a bit...

But I would imagine you'd find a similar result from an Ubuntu 8.04 LTS server. Perhaps it may be even worse? The only way to check would be to build one yourself. If you use the latest version of Ubuntu (9.10) it may fare better?

The other thing to consider is how it creates its list of vulnerabilities. I am unfamiliar with that software, but if it is merely discovering the version number and then cross-referencing against a list of vulnerabilities that relate to that version number, then it is not accurate. Canonical (the Ubuntu owners/sponsors) generally patch security vulnerabilities in the included version (thus patching the vulnerability without updating the actual version number).

 

rave's picture

Most of the vulnerabilities

Most of the vulnerabilities come from PHP. This software (Shadow Security scanner and others) uses the version of the installed software and seeks it in a database.

I think that by upgrading Apache and its modules, the number of vulnerabilities should be reduced.
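The replies above turn on one point: a scanner that only matches version numbers cannot see fixes the distribution backported into the same upstream version. As an added example (not part of the original thread), this script looks up each scanner-reported CVE in a package's Debian-format changelog; the package name, versions and CVE ids are constructed placeholders, and `cve_fixed_in` and `triage` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. On a real Debian/Ubuntu system the input would come from
#   zcat /usr/share/doc/<package>/changelog.Debian.gz
# Everything in the sample below (package, versions, CVE ids) is constructed.
sample_changelog() {
cat <<'EOF'
examplepkg (1.2.3-4ubuntu5.2) hardy-security; urgency=low

  * SECURITY UPDATE: integer overflow in image resize
    - CVE-0000-0002
  * Follow-up to the CVE-0000-0001 patch: restore header handling

 -- Constructed Maintainer <maint@example.invalid>  Tue, 02 Jan 2001 00:00:00 +0000

examplepkg (1.2.3-4ubuntu5.1) hardy-security; urgency=low

  * SECURITY UPDATE: buffer overflow in request parser
    - CVE-0000-0001

 -- Constructed Maintainer <maint@example.invalid>  Mon, 01 Jan 2001 00:00:00 +0000
EOF
}

# cve_fixed_in CVE-ID < changelog
# Prints the oldest package revision whose entry names the CVE (entries are
# newest first, so the last match wins). Exit status 1 if it is never named.
cve_fixed_in() {
    awk -v cve="$1" '
        # Entry header: "name (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \([^)]*\) / { ver = $2; gsub(/[()]/, "", ver); next }
        # Match the id as a whole token so CVE-0000-0001 does not hit CVE-0000-00012.
        $0 ~ ("(^|[^A-Za-z0-9-])" cve "([^0-9]|$)") { fixed = ver }
        END { if (fixed == "") exit 1; print fixed }
    '
}

# triage CVE-ID...: classify each id a version-matching scanner reported.
# "not-in-changelog" means unverified, not vulnerable: check the distro tracker.
triage() {
    for cve in "$@"; do
        if ver=$(sample_changelog | cve_fixed_in "$cve"); then
            echo "$cve fix-backported-in $ver"
        else
            echo "$cve not-in-changelog"
        fi
    done
}

triage CVE-0000-0001 CVE-0000-0002 CVE-0000-0009
```

The upstream version stays at 1.2.3 in every entry, which is why a banner-based scan keeps reporting findings that the installed package revision has already fixed.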

 
