Hardening Apache On CentOS 7
Hi,
Some time ago one of my public servers (running Slackware64 14.0) got attacked and was misused to send phishing emails.
This misadventure made me more concerned about security, so I spent the last few weeks catching up on security, reading docs about SELinux and how to use it, etc.
I have a public sandbox server running CentOS 7, and I’m currently experimenting quite a lot with Apache and how to secure it. My approach is very much trial-and-error. I’ve started with these two articles:
https://devops.profitbricks.com/tutorials/how-to-harden-the-apache-web-server-on-CentOS-7/
I’ve also discovered the Nikto vulnerability scanner, and I’m playing around with it.
Besides all this, I’d be curious to know your approach in securing Apache, the tools you use, maybe the odd do’s and don’ts, suggestions, some good books and/or online docs about the subject, etc.
Cheers from the sunny South of France,
Niki
—
Microlinux – Solutions informatiques durables
7, place de l’église – 30730 Montpezat Web : http://www.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32
2 thoughts on - Hardening Apache On CentOS 7
If your site(s) are simple enough, look into modsecurity for Apache web servers.
Also, use either iptables or the built-in firewalld stuff on CentOS7 to restrict in/outbound ports.
If you’re using PHP, use php-fpm running each host under a different user. https://wp-root.org/server/install-php-fpm-tcp-unix-sockets-CentOS/