Securing ACID

Problem

You want to protect your ACID web page from unauthorized users.

Solution

Use the htpasswd command to create a password for the user acid. Make sure you use a strong password:

[root@localhost root]# mkdir /www/passwords [root@localhost root]# /www/bin/htpasswd -c /www/passwords/passwords acid New password: Re-Type new password: Adding password for user acid

Edit the /www/conf/httpd.conf file to include the following:

AuthType Basic AuthName "SnortIDS" AuthUserFile /www/passwords/passwords Require user acid

Now restart the web server with the following command:

[root@localhost root]# /etc/init.d/httpd restart

The next time you access your ACID page, you will be prompted for the username and password.

Discussion

Securing your ACID database from unauthorized access is a great idea. Besides intruders having the ability to access the system and potentially cover their tracks, it keeps other inquisitive users from tampering with the database. The usernames and passwords are stored in the /www/passwords/passwords file. Although the passwords are encrypted, it is always a good idea to harden your system and protect it behind a perimeter firewall. If you are not the only person administering this system, it is a good practice to create separate usernames and passwords for each administrator to maintain accountability. Another consideration for securing ACID is to use SSL for encrypting the communications, especially the password authentication.

See Also

Recipe 5.6