Daniel Barrett, Richard Silverman, Robert Byrnes
Computer security is an ongoing process, a relentless contest between system administrators and intruders. A good administrator needs to stay one step ahead of any adversaries, which often involves a continuing process of education. If you're grounded in the basics of security, however, you won't necessarily want a complete treatise on the subject each time you pick up a book. Sometimes you want to get straight to the point. That's exactly what the new Linux Security Cookbook does. Rather than provide a total security solution for Linux computers, the authors present a series of easy-to-follow recipes--short, focused pieces of code that administrators can use to improve security and perform common tasks securely.

The Linux Security Cookbook includes real solutions to a wide range of targeted problems, such as sending encrypted email within Emacs, restricting access to network services at particular times of day, firewalling a webserver, preventing IP spoofing, setting up key-based SSH authentication, and much more. With over 150 ready-to-use scripts and configuration files, this unique book helps administrators secure their systems without having to look up specific syntax. The book begins with recipes devised to establish a secure system, then moves on to secure day-to-day practices, and concludes with techniques to help your system stay secure.

Some of the "recipes" you'll find in this book are:

- Controlling access to your system from firewalls down to individual services, using iptables, ipchains, xinetd, inetd, and more
- Monitoring your network with tcpdump, dsniff, netstat, and other tools
- Protecting network connections with Secure Shell (SSH) and stunnel
- Safeguarding email sessions with Secure Sockets Layer (SSL)
- Encrypting files and email messages with GnuPG
- Probing your own security with password crackers, nmap, and handy scripts

This cookbook's proven techniques are derived from hard-won experience.
Whether you're responsible for security on a home Linux system or for a large corporation, or somewhere in between, you'll find valuable, to-the-point, practical recipes for dealing with everyday security issues. This book is a system saver.
This is my Flask app structure:
app/
    app.py
    static/
        static files
    secure/
        secret_file.ext
Is there any possible way of a hacker accessing secret_file.ext or even app.py itself, perhaps through a PHP script of some sort? If so, how can this be prevented?
Also, what are some other security considerations to keep in mind when deploying a Flask app to the web?
To keep everything secure and safe, you should be aware of the latest news concerning network and system security.
An example of a Linux vulnerability that many have heard about - Shellshock
Another sensational vulnerability - Heartbleed
However, here are some fast tips to go through:
Also enable HTTPS to encrypt the connection
I am not a security guru; however, I consider tip #14 not very constructive, considering that IPv4 addresses are in extreme short supply right now.
If you are paranoid about security of your system
You should also close all ports except for those being used by Apache and maybe ssh if you need to access your server from "outer web".
There is a lot to learn in system security; nevertheless, I hope this will make your system stiff enough that you could sleep in peace.
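
For the layout in the question, the following is an added example (not part of the original posts and not Flask's own code) of confining client-supplied file names to static/, so that requests aimed at secure/secret_file.ext or app.py are refused. The helper names, the sample file style.css and the planted symlink are assumptions made for illustration.

```python
import tempfile
from pathlib import Path
from typing import Optional


def resolve_static(static_root: Path, requested: str) -> Optional[Path]:
    """Map a client-supplied name to a file inside static_root, else None."""
    if "\x00" in requested:
        return None
    root = static_root.resolve()
    # resolve() collapses ".." and follows symlinks, so the containment
    # test below compares real on-disk locations, not the raw string.
    candidate = (root / requested).resolve()
    try:
        # Also catches absolute names, which replace root in the join.
        candidate.relative_to(root)
    except ValueError:
        return None
    return candidate if candidate.is_file() else None


def build_sample_tree(base: Path) -> Path:
    """Constructed copy of the question's layout; returns the static/ dir."""
    app = base / "app"
    (app / "static").mkdir(parents=True)
    (app / "secure").mkdir()
    (app / "app.py").write_text("# application code\n")
    (app / "static" / "style.css").write_text("body {}\n")
    (app / "secure" / "secret_file.ext").write_text("constructed secret\n")
    # A symlink planted under static/ that points at the protected file.
    (app / "static" / "leak").symlink_to(app / "secure" / "secret_file.ext")
    return app / "static"


def demo() -> dict:
    """Return {request label: whether a file would be served}."""
    with tempfile.TemporaryDirectory() as tmp:
        static = build_sample_tree(Path(tmp))
        cases = {
            "style.css": "style.css",
            "dot-dot to secure/": "../secure/secret_file.ext",
            "dot-dot to app.py": "sub/../../app.py",
            "absolute path": str(static.parent / "app.py"),
            "symlink in static/": "leak",
        }
        return {k: resolve_static(static, v) is not None for k, v in cases.items()}
```

Calling demo() reports that only style.css would be served; the traversal, absolute-path and symlink requests all resolve outside static/ and are rejected.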