30 December 2005

Server update

Late Wednesday, I decided to do some end-of-year security checks on my Web server. I keep up with Windows updates, but I hadn't run Microsoft Baseline Security Analyzer in a while so that was step one. It made a few good recommendations concerning default IIS Web sites that I'd never removed (just disabled) and the fact that I didn't disable the Guest user. The fatal recommendation was to run something called IIS Lockdown from Microsoft which further cleans up stray IIS settings that could cause problems.

I'm not sure exactly what happened when I ran it, but the result was the elimination of all of my Web sites from IIS (the settings, not the files). Yipes. My fault was two-fold: I should have had IIS backed up and I should have researched more closely what the lockdown app was going to do. Anyway, the past few days--late into the evening Wednesday, a good portion of last night when I got RadioWave (JSPs) and my blog (Perl) up, and today when I finally got my development wiki (PHP) back--were exhausting. Oddly, getting Tomcat working was the biggest headache, mostly because IIS seems to be erratic about refreshing with refresh (the Web site), restart (the server), or reboot (the machine). I need to write down all of the peculiarities as soon as possible before I forget, especially because I found others describing some of the symptoms but with no solutions. I've already updated my notes on configuring MediaWiki with some new links, but there's some more to add. Getting Perl working was effortless. Getting PHP was a little more difficult because it involved some rarely-documented stuff.

All-in-all, it was a good re-learning experience and I was able to clean up many of the spurious settings from my Tomcat config files. The irony now is that my Web server is probably more insecure (I probably shouldn't advertise that, should I?) because of the gobal changes that were just made. I think I'll be locking down IIS on my own from now on, thank you.

[ posted by sstrader on 30 December 2005 at 2:56:34 PM in Home Network & Gadgets ]