Eight security settings to keep the Apache web server secure on a CentOS server
Apache is an open-source web server maintained by the Apache Software Foundation, a non-profit organization. Many of our virtual hosts and VPSs run on Apache. However, any environment can come under attack: vulnerability scanning, SQL injection, and various denial-of-service attacks.
As VPS/server users, we first need to back up our data regularly to protect the website data on the server; second, we need to keep an eye on the monitoring trends of our servers at all times; third, we need to pay attention to the latest vulnerability and security updates. As a baseline, we need to get the basic Apache security settings and server security right.
1. Regularly update the system
First, make sure the latest Apache version and security patches are installed, along with updates for any additional CGI, Perl, and PHP script code. The packages from the configured software sources need to be updated regularly.
# Ubuntu/Debian
apt-get update; apt-get dist-upgrade
# Fedora/Centos/RedHat
yum update
Select the update command based on your system environment.
2. Secure SSH
After obtaining the VPS, we recommend changing the SSH port and the root password and setting up a separate non-root user for management, or logging in to the VPS from your SSH client with a key. For examples, see "set Putty SSH to log on to a Linux VPS host using a key" and "Xshell to set a key logon to ensure a safer Linux VPS and server".
3. Disable unused services
To keep the web server secure, check all running services and open ports on the server and disable every service the server does not need.
# Display all services
service --status-all
# Display all port rules
iptables -L
# Display all services and their runlevels (redhat/centos/fedora)
chkconfig --list
# Check whether /etc/init.d has a suspicious script
ls /etc/init.d
4. Disable unnecessary Apache modules
By default, many Apache modules are enabled, but some are never used. We can disable them to slim the server down. As with the previously shared "6 steps to streamline the CentOS system environment" and "4 steps to streamline the Debian system environment", this improves execution efficiency and reduces resource usage.
A - Ubuntu/Debian
cat /etc/apache2/mods-enabled/* | grep -i loadmodule
Enable a module
a2enmod module_name
Disable a module
a2dismod module_name
B - Centos/Fedora/RedHat
cat /etc/httpd/conf/httpd.conf | grep -i LoadModule
Edit the httpd.conf file and search for the LoadModule keyword. To disable a module, add # at the front of its line and save the file. To enable a module, remove the #.
5. Run Apache as a specified user and group
Most default installations run Apache as the apache user. For better security, we can use a different user/group. Suppose your mail server runs as the nobody user and you run Apache as the same user: if the mail server is compromised, Apache is affected too. Likewise, if Apache runs as root, any security flaw puts the entire system at great risk. To check or change the user/group, edit the httpd.conf file.
# Fedora/Centos/Redhat
vi /etc/httpd/conf/httpd.conf
# Ubuntu/Debian
vi /etc/apache2/httpd.conf
You can use the default user and group or create new ones.
User apache
Group apache
6. Prevent Information Leakage
After a default Apache installation, the port and version information is shown on the default pages. We need to hide this information.
# Fedora/Centos/Redhat
vi /etc/httpd/conf/httpd.conf
# Ubuntu/Debian
vi /etc/apache2/conf-enabled/security.conf
Search for the ServerTokens and ServerSignature directives and change them to:
ServerTokens Prod
ServerSignature Off
Restart Apache
# Fedora/Centos/Redhat
service httpd restart
# Ubuntu/Debian
service apache2 restart
After that, the version information no longer appears on the 404 page.
7. Hide PHP version information
# Fedora/Centos/Redhat
vi /etc/php.ini
# Ubuntu/Debian
vi /etc/php5/apache2/php.ini
Search for expose_php and change its value from On to Off.
8. Disable the automatic index module
# Fedora/Centos/Redhat
vi /etc/httpd/conf/httpd.conf
Add # at the start of the line "LoadModule autoindex_module modules/mod_autoindex.so" to comment it out.
# Ubuntu/Debian
rm -rf /etc/apache2/mods-enabled/autoindex.conf
This deletes the automatic index module's configuration file.
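The settings from steps 5 to 8 can be checked after editing with a small audit script. This is an added example, not part of the original article: the function names and the sample files are constructed for illustration, and the script reads only the files it is given (it does not follow Include lines).

```shell
# Added example: audit httpd.conf and php.ini for the settings in steps 5-8.

# Print the lowercased value of the last active (uncommented) directive.
directive() {  # $1 = directive name, $2 = config file
    awk -v d="$1" 'tolower($1) == tolower(d) { v = tolower($2) } END { print v }' "$2"
}

# Print the lowercased value of the last active "key = value" line in php.ini.
ini_value() {  # $1 = key (lowercase), $2 = php.ini
    awk -F= -v k="$1" '{ key = tolower($1); gsub(/[ \t]/, "", key) }
        key == k { v = tolower($2); sub(/;.*/, "", v); gsub(/[ \t\r]/, "", v) }
        END { print v }' "$2"
}

# Print the names of settings that are not hardened, separated by spaces.
audit_apache() {  # $1 = httpd.conf, $2 = php.ini
    findings=""
    user=$(directive User "$1"); group=$(directive Group "$1")
    if [ -z "$user" ] || [ "$user" = root ]; then findings="$findings User"; fi
    if [ -z "$group" ] || [ "$group" = root ]; then findings="$findings Group"; fi
    case $(directive ServerTokens "$1") in
        prod|productonly) ;;
        *) findings="$findings ServerTokens" ;;
    esac
    if [ "$(directive ServerSignature "$1")" != off ]; then findings="$findings ServerSignature"; fi
    if grep -Eiq '^[[:space:]]*LoadModule[[:space:]]+autoindex_module' "$1"; then
        findings="$findings autoindex_module"
    fi
    case $(ini_value expose_php "$2") in
        off|0|false|no) ;;
        *) findings="$findings expose_php" ;;
    esac
    echo "${findings# }"
}

# Write constructed sample files (not from a real server) into directory $1.
write_samples() {
    printf '%s\n' 'User root' 'Group apache' 'ServerTokens OS' '#ServerSignature Off' \
        'LoadModule autoindex_module modules/mod_autoindex.so' > "$1/weak.conf"
    printf '%s\n' 'User apache' 'Group apache' 'ServerTokens Prod' 'ServerSignature Off' \
        '#LoadModule autoindex_module modules/mod_autoindex.so' > "$1/hard.conf"
    printf '%s\n' '; constructed sample' 'expose_php = On' > "$1/weak.ini"
    printf '%s\n' 'expose_php = Off ; constructed sample' > "$1/hard.ini"
}

dir=$(mktemp -d)
write_samples "$dir"
echo "weak: $(audit_apache "$dir/weak.conf" "$dir/weak.ini")"
echo "hard: $(audit_apache "$dir/hard.conf" "$dir/hard.ini")"
rm -rf "$dir"
```

On a real CentOS server, call audit_apache /etc/httpd/conf/httpd.conf /etc/php.ini; an empty result means every checked setting is explicitly set to the hardened value.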
To sum up, the steps above cover the basic Apache security settings, and there are other settings we can check as well. The security settings in the .htaccess file are one example: do not underestimate this small file, since some security settings still have to be made through it. The .htaccess file will be covered separately later. In any case, whether we are using a virtual host or a VPS/server, we need to monitor it at all times and back up website and project data regularly.
Permalink: http://www.laozuo.org/5503.html | Laozuo blog