I have a few Unicorn servers running on Ubuntu 12.04 and I am looking to secure them against exploits which give a remote shell.
My main concern is whether it makes sense to deploy ModSecurity.
Another thing is that I have seen Unicorn typically runs on port 8080, and it's forwarded to an Apache/Nginx server on port 80 which serves as a reverse proxy.
I was thinking that I could employ the following:
- ModSecurity on Apache
- Apache as worker (threaded) with mod_qos, to prevent an excessive number of requests from any host
- Run the Unicorn server as a designated user and isolate it through AppArmor, or SELinux if it's RedHat/CentOS
I would like to know if there is another hardening framework / patch for RoR like PHP Suhosin.
I would start with Ruby On Rails Security Guide.
Pay attention to the File Uploads section:
- .php
- .cgi
- .../public directory

You can also scan your Rails code for vulnerabilities using Brakeman:
gem list -d brakeman
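As an added example (not part of the answer above, the Rails Security Guide, or Brakeman), here is the kind of upload-filename handling the guide's File Uploads section argues for: strip directory components so a name like `../../public/x` cannot escape the upload directory, reject server-executable extensions such as `.php` and `.cgi` (including double extensions), and re-check that the final path is still inside the upload directory. The allowed-extension list and the upload directory are assumptions for the example.

```ruby
# Added example, not code from the original post or the Rails Security Guide.
# Sanitizes a client-supplied upload filename and builds a contained destination path.
require "pathname"
require "securerandom"

# Extensions a web server might execute if they land in a served directory.
EXECUTABLE_EXTENSIONS = %w[.php .php3 .phtml .cgi .pl .rb .sh .exe].freeze

# Assumed policy: an image/document upload feature only accepts these.
ALLOWED_EXTENSIONS = %w[.png .jpg .jpeg .gif .pdf .txt].freeze

class UnsafeFilename < StandardError; end

# Returns a safe basename: no directory parts, conservative characters,
# no executable extension anywhere in the name, and an allowed final extension.
def sanitize_filename(original)
  # Keep only the last path component. The client controls the name, so
  # handle both "/" and "\" separators; this discards "../", "/etc/", etc.
  base = original.to_s.split(%r{[\\/]}).last.to_s
  raise UnsafeFilename, "empty filename" if base.empty? || base == "." || base == ".."

  # Replace anything outside a conservative character set.
  base = base.gsub(/[^A-Za-z0-9_.-]/, "_")
  # No leading dots: avoids hidden files such as ".htaccess".
  base = base.sub(/\A\.+/, "")
  raise UnsafeFilename, "empty after cleaning" if base.empty?

  # Check every suffix, so "image.php.png" is caught as well as "shell.php".
  base.downcase.split(".").drop(1).each do |suffix|
    raise UnsafeFilename, "executable extension" if EXECUTABLE_EXTENSIONS.include?(".#{suffix}")
  end

  ext = File.extname(base).downcase
  raise UnsafeFilename, "extension not allowed" unless ALLOWED_EXTENSIONS.include?(ext)
  base
end

# Builds the absolute destination path and verifies it stays under upload_dir.
def safe_upload_path(upload_dir, original)
  dir = Pathname.new(upload_dir).expand_path
  # Random prefix so two uploads with the same name cannot overwrite each other.
  name = "#{SecureRandom.hex(8)}_#{sanitize_filename(original)}"
  dest = (dir + name).expand_path
  # Containment check even after sanitizing: defence in depth.
  unless dest.to_s.start_with?(dir.to_s + File::SEPARATOR)
    raise UnsafeFilename, "path escapes upload directory"
  end
  dest.to_s
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample names, as a malicious client might send them.
  ["report.pdf", "../../public/shell.php", "photo.PHP.jpg",
   "..\\..\\etc\\passwd.txt", ".htaccess"].each do |n|
    begin
      puts "#{n.inspect} -> #{sanitize_filename(n)}"
    rescue UnsafeFilename => e
      puts "#{n.inspect} -> rejected (#{e.message})"
    end
  end
end
```

Sanitizing the name is only half of it: the upload directory itself should sit outside `public/` (or be served with script execution disabled), so that even a file that slips through cannot be executed by the web server. Brakeman will not catch this class of problem by itself; it reports patterns in the Rails code, not the deployment layout.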