The security configuration of a web server is very important, especially when some confidential data is stored in its database. However, I didn’t do anything to ensure the safety of my server after I installed the operating system on it, so I decided to make up for this today.

I use CentOS 7 (x64) as my operating system. The steps I take include changing the ssh port, disabling ping, configuring iptables, changing user privileges, disallowing changes to some important files, and so on.

  1. Change the ssh port:
    Though a strong password might be enough to protect the server, it would be better if potential attackers don’t know you have ssh installed. Thus, changing the ssh port would be a good idea.
  2. Disable system services you don’t need:
    There might be vulnerabilities in some system services, so disabling the services you don’t need can improve the security of your server.

    If you don’t want to use IPv6, also do the following:

    Then create a new file under /etc/modprobe.d/
    Assume it’s stopipv6.conf

    In this file, add two lines:
  3. Disallow users you don’t need:
    Edit /etc/passwd and comment out the users you don’t need (do not delete them, in case you need them in the future)
  4. Disallow groups you don’t need:
    Edit /etc/group and comment out the groups you don’t need (do not delete them, in case you need them in the future)
  5. Install sudo and only allow a certain user to log in via ssh:
    Install sudo and add a user (e.g. xxx)

    Then, only allow xxx to log in via ssh
  6. Avoid IP spoofing:
    Edit /etc/host.conf and make it the same as the following:
  7. Disallow FTP users from logging in and limit the folders users can access via FTP:
    Edit /etc/host.conf and make it the same as the following:
  8. iptables configuration:
  9. Disallow adding new users and changes to system files:
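
A way to verify steps 1 and 5 after editing the sshd configuration, as an added example that is not part of the original post. It assumes the login restriction is done with an `AllowUsers` line and reads only the global section in the whitespace-separated `Keyword value` form; the function names and sample configs are constructed for illustration (port 2222 is arbitrary).

```shell
#!/bin/sh
# Added example: audit an sshd_config for step 1 (port) and step 5 (AllowUsers).
# Keywords in sshd_config are case-insensitive and '#' starts a comment.

# Print the global values of a keyword (lines before the first Match block).
sshd_values() {  # $1 = config file, $2 = keyword
    awk -v kw="$2" '
        { sub(/#.*/, "") }                 # strip comments, fields are re-split
        tolower($1) == "match" { exit }    # global section ends here
        tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) print $i }
    ' "$1"
}

# Return 0 if both checks pass, 1 otherwise; findings go to stdout.
audit_sshd() {  # $1 = config file, $2 = the only user meant to log in
    cfg=$1 user=$2 rc=0
    ports=$(sshd_values "$cfg" Port)
    [ -n "$ports" ] || ports=22            # no Port line means the default, 22
    for p in $ports; do
        if [ "$p" = 22 ]; then echo "FAIL: sshd still listens on port 22"; rc=1; fi
    done
    allowed=$(sshd_values "$cfg" AllowUsers)
    if [ -z "$allowed" ]; then
        echo "FAIL: no global AllowUsers line, every account may log in"; rc=1
    else
        for u in $allowed; do
            # Entries may be user@host; compare the user part only.
            if [ "${u%%@*}" != "$user" ]; then
                echo "FAIL: extra login allowed: $u"; rc=1
            fi
        done
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $cfg"; fi
    return "$rc"
}

# Constructed sample configs (not from the post).
sample_weak()     { printf '%s\n' '#Port 22' '#AllowUsers xxx'; }
sample_hardened() { printf '%s\n' 'port 2222   # moved off the default' 'AllowUsers xxx'; }

d=$(mktemp -d)
sample_weak > "$d/weak"; sample_hardened > "$d/hardened"
audit_sshd "$d/weak" xxx || true     # two FAIL lines
audit_sshd "$d/hardened" xxx         # OK
rm -rf "$d"
```

On a real server, point it at the live file, e.g. `audit_sshd /etc/ssh/sshd_config xxx`, after restarting sshd.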

