Create a “secure” Linux web server

This solution provides an apache/httpd server with PHP 5.3.0 on a RHEL system that utilizes the following products for protection:

iptables (“here’s a good policy stack. X.”)
mod_security (and the SpiderLabs OWASP Core Rule Set/CRS.)
mod_evasive (yes, built for apache 2.4.x, because, grep.)
fail2ban (yep)
samhain (this sucker is fantastically intricate and awesome.)

I also include some hardening advice for sshd, httpd, and php.

Here is a list of web pages I referenced during the entire thing:

http://www.howtoforge.com/host-based-intrusion-detection-samhain
http://www.la-samhna.de/samhain/manual/
http://www.la-samhna.de/library/scanners.html
http://www.symantec.com/connect/articles/host-integrity-monitoring-best-practices-deployment
http://www.symantec.com/connect/articles/securing-linux-aide
http://www.foosel.org/blog/2008/04/banning_phpmyadmin_bots_using_fail2ban
http://admintweets.com/2013/02/12/fail2ban-add-apache-post-flood-rule/
https://www.digitalocean.com/community/articles/how-to-protect-ssh-with-fail2ban-on-centos-6
http://www.zdziarski.com/blog/?page_id=442
http://www.tecmint.com/protect-apache-using-mod_security-and-mod_evasive-on-rhel-centos-fedora/
https://www.digitalocean.com/community/articles/how-to-set-up-mod_security-with-apache-on-debian-ubuntu
http://www.howtoforge.com/apache_mod_security
https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Installation
http://www.modsecurity.org/documentation/php-register-globals.html
http://blog.modsecurity.org/2007/02/php-peculiariti.html
http://www.modsecurity.org/documentation/apache-internal-chroot.html
http://www.symantec.com/connect/articles/securing-apache-step-step
http://www.symantec.com/connect/articles/securing-php-step-step
http://www.madirish.net/?article=229
http://www.cyberciti.biz/faq/rhel-linux-block-ssh-dictionary-brute-force-attacks/
http://serverfault.com/questions/212269/tips-for-securing-a-lamp-server
http://httpd.apache.org/docs/2.4/install.html
http://stackoverflow.com/a/9436971/843000