Web server security check sites overview


#1

Well, this is not really a tutorial but maybe useful in combination with existing Seafile tutorials. @Hanz0 mentioned a nice website to check web server configuration, so I thought I would provide an overview of existing security check sites I’ve used before or read about.

In alphabetical order:

Some of the sites provide an option “Don’t include my site in the public results”. :wink:

If you find useful additional security check sites please report here and I will add them to the list.


#2

https://www.scanmyserver.com/ is a page I just read about and wanted to try now. Unfortunately I almost broke my Seahub code. :grimacing:

https://www.scanmyserver.com/ wants you to add a “Security Seal” (some piece of code) to the website configuration:

Last Step: Confirm Site Ownership

Add our Security Seal to your site now using the code below, press Confirm Now and we will start your free scan within the next 2 hours.

Step 1: Copy and paste this code into the footer of your home page html:

<a href="http://www.beyondsecurity.com/vulnerability-scanner-verification/myserver.ddns.net"><img src="https://seal.beyondsecurity.com/verification-images/myserver.ddns.net/vulnerability-scanner-2.gif" alt="Website Security Test" border="0" /></a>

Step 2: Press Confirm Now and we’ll verify the seal has been added to your site.
Press Back to select another confirmation option.

I’ve never customized my Seahub page so this was the first try for me. Following http://manual.seafile.com/config/seahub_customization.html I thought /srv/seafile/seafile-server-latest/seahub/seahub/templates/rest_framework/base.html would be a good first try for the Security Seal code.

So here is what I did:

sudo -s
mkdir /srv/seafile/seahub-data/custom
chown seafile:seafile /srv/seafile/seahub-data/custom
cd /srv/seafile/seafile-server-latest/seahub/media/
ln -s /srv/seafile/seahub-data/custom /srv/seafile/seafile-server-latest/seahub/media/custom
chown -h seafile:seafile /srv/seafile/seafile-server-latest/seahub/media/custom
mkdir /srv/seafile/seahub-data/custom/templates
chown seafile:seafile /srv/seafile/seahub-data/custom/templates
cp /srv/seafile/seafile-server-latest/seahub/seahub/templates/rest_framework/base.html /srv/seafile/seahub-data/custom/templates/
chown seafile:seafile /srv/seafile/seahub-data/custom/templates/base.html
service seafile restart

At some point I broke something because Seahub reports Django request errors with some GET /accounts/whatever/ lines.
I had to rm -r /srv/seafile/seahub-data/custom to get things working again.

Is http://manual.seafile.com/config/seahub_customization.html outdated or did I miss something?


#3

It is not outdated. But for each major version, because the template you have overwritten changed a lot, you need to copy the base template and do the customization again.