CentOS server Apache Web server to ensure the safety of eight kinds of security settings TECHNOLOGY

Apache is an open source WEB servers, is supported by the nonprofit Apache Software Foundation, hosting, VPS, we use Apache server architecture environment, but any schema environment will suffer from a variety of possible attacks, security vulnerability detection, such as SQL injection and denial of service attacks.

As part of our VPS/server users, we need to do a backup on the server data security, and also need to observe at any time with our server monitoring, to curb the need to pay attention to the latest vulnerability security update script, as the basis of the applications, we need to ensure that Apache based security settings, ensure, on a basis of server security.

Ensuring the security of Apache Web Server 8 security tips

First, regularly updating the system

First of all, we need to ensure is you have installed the latest version of security patches and additional CGI,Perl and Apache and PHP script code. We need to regularly update the data source-dependent package operation.

# Ubuntu/Debian

apt-get update; apt-get dist-upgrade

# Fedora/Centos/RedHat

yum update

Depending on your system environment, select the update command.

Second, set up and protect our SSH security

After we get a VPS, proposed to amend the port, ROOT password, as well as non-ROOT user authorization rights management, log on or we can be the key to SSH client managed VPS. Refer to “set up a Putty SSH key login Linux VPS hosting” and “Xshell setting key login ensures that Linux VPS and server more secure” articles set a key landing.

Third, disable unused services

In order to ensure that our Web server security, you are advised to check all services that are running on the server and open the port, disable all services on the server, we do not need.

# To display all service service–status-all

# Show all port rules

# Displays all the information (RedHat/CentOS/Fedora) chkconfig–list

# Check for suspicious/etc/init.d scripts/init.d

Lastly, disable unnecessary Apache module

By default, many Apache modules are open, but some do not need to use, we can close and streamlined. For example there was shared with the “6 steps to realize a CentOS system streamlined” and “4-steps towards the environments streamlined the Debian system” can improve the rate of implementation less efficient resource.

A – Ubuntu/Debian

cat /etc/apache2/mods-enabled/* | grep -i loadmodule

Open module

a2enmod module_name

Close the module

a2dismod module_name

B – Centos/Fedora/RedHat

cat /etc/httpd/conf/httpd.conf | grep -i LoadModule

Edit the httpd.conf file and search keyword LoadModule, need to close the preceding it with # note save you can instead start remove the #

V, allows Apache to specified users and groups to run

Most of the default Apache uses the default user and group for the Apache, in order to ensure safety, we can use a different user/group. If you run a mail server as the nobody user, you use the same user running Apache. If your mail server is compromised, your Apache will also be affected. For example, we are running as root, if there is a security risk, then the whole system will be too much of a risk. To check/change user/group, edit the httpd.conf file.

#Fedora/Centos/Redhat

vi /etc/httpd/conf/httpd.conf

#Ubuntu/Debian

vi /etc/apache2/httpd.conf

We can use the default user group, you can also create new users/groups.

User apache
Group apache

VI, the prevention of information leaks

Default Apache installation in the default page reflect the port, version information, and so on, we need to hide the information.

#Fedora/Centos/Redhat

vi /etc/httpd/conf/httpd.conf

#Ubuntu/Debian

vi /etc/apache2/conf-enabled/security.conf

Search for ServerTokens and ServerSignature characters, and modifications

ServerTokens Prod
ServerSignature Off

Then restart the Apache

#Fedora/Centos/Redhat

service apache2 restart

#Ubuntu/Debian

service httpd restart

Then our 404 page cannot see the version information.

VII, hide PHP version information

#Fedora/Centos/Redhat

vi /etc/php.ini

#Ubuntu/Debian

vi /etc/php5/apache2/php.ini

Then search the expose_php, the corresponding parameter on to off

Eighth, disable, auto indexing module

#Fedora/Centos/Redhat

/etc/httpd/conf/httpd.conf

“LoadModule autoindex_module modules/mod_autoindex.so” add # before ban

#Ubuntu/Debian

rm -rf /etc/apache2/mods-enabled/autoindex.conf

Remove automatic indexing module

Summarizing, above the old left is organized into 8 security settings for Apache, some settings that we can view the. htaccess file security settings, we can not be overlooked this little file, some security settings that are needed by. htaccess file, there’s time to finish an article. In any case, we are using virtual hosts, or VPS/server, we need to monitor site and project data and a scheduled backup at any time.

Leave a Reply

Your email address will not be published. Required fields are marked *