5. Secure Web Server


We used Thin with Sinatra as the engine that serves web pages. WEBrick, the default web server that ships with Ruby, was discarded because it was infamous for its memory leakage problems. We moved to Thin as it was much faster and more secure by default. We experimented with confining the Ruby binary running the Thin web server so that it could access only the specific files it needed. AppArmor handled this well: a program called aa-genprof was used to create a profile based on regular interactions with the web server from a remote browser. This generated profile was edited to restrict access, and then reverted. This way, AppArmor would allow only preplanned interactions with the web server.
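A review pass over a generated profile before it is enforced, as an added example that is not code from the original project. The sample profile, every path in it, and the `WRITABLE_PREFIXES` allow-list are constructed assumptions.

```ruby
# Added example: review an aa-genprof-style profile before enforcing it.
# SAMPLE_PROFILE is constructed; every path in it is an assumption.
SAMPLE_PROFILE = <<~PROFILE
  #include <tunables/global>
  /usr/bin/ruby {
    #include <abstractions/base>
    #include <abstractions/ruby>
    network inet stream,
    /srv/app/** r,
    /srv/app/log/thin.log w,
    /home/** rw,
    /bin/dash Ux,
    owner /tmp/** rwk,
    deny /etc/shadow r,
  }
PROFILE

# Directories the web server is expected to write to (assumed for this example).
WRITABLE_PREFIXES = ["/srv/app/log/", "/srv/app/tmp/"].freeze

# Matches file rules of the form "[audit|deny|owner] /path perms,".
FILE_RULE = %r{\A(?<quals>(?:(?:audit|deny|owner)\s+)*)(?<path>/\S*)\s+(?<perms>[rwaklmxiIpPcCuU]+),\z}

# Returns [line_number, path, reason] for each allow rule worth tightening.
def review_profile(text)
  findings = []
  text.each_line.with_index(1) do |raw, lineno|
    m = FILE_RULE.match(raw.strip)
    next if m.nil? || m[:quals].include?("deny")   # deny rules only restrict
    path, perms = m[:path], m[:perms]
    # ux/Ux runs the child with no profile at all, escaping confinement.
    findings << [lineno, path, "unconfined exec"] if perms.match?(/[uU]x/)
    # w (write) or a (append) outside the expected directories.
    if perms.match?(/[wa]/) && WRITABLE_PREFIXES.none? { |p| path.start_with?(p) }
      findings << [lineno, path, "write outside expected directories"]
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  review_profile(SAMPLE_PROFILE).each do |lineno, path, reason|
    puts "line #{lineno}: #{path} (#{reason})"
  end
end
```

Rules learned from browsing sessions reflect whatever the process touched during recording, so broad globs and unconfined exec transitions are the entries to narrow by hand before the profile is enforced.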
