[CentOS] Hardening Apache on CentOS 7

Sun Jul 9 19:55:38 UTC 2017
SternData <subscribed-lists at sterndata.com>

On 07/09/2017 11:01 AM, Nicolas Kovacs wrote:
> Hi,
> Some time ago one of my public servers (running Slackware64 14.0) got
> attacked and was misused to send phishing emails.
> This misadventure made me more concerned about security, so I spent the
> last few weeks catching up on security, reading docs about SELinux and
> how to use it, etc.
> I have a public sandbox server running CentOS 7, and I'm currently
> experimenting quite a lot with Apache and how to secure it. My approach
> is very much trial-and-error. I've started with these two articles:
> https://devops.profitbricks.com/tutorials/how-to-harden-the-apache-web-server-on-centos-7/
> https://www.tecmint.com/apache-security-tips/
> I've also discovered the Nikto vulnerability scanner, and I'm playing
> around with it.
> Besides all this, I'd be curious to know your approach in securing
> Apache, the tools you use, maybe the odd do's and don'ts, suggestions,
> some good books and/or online docs about the subject, etc.
> Cheers from the sunny South of France,
> Niki

If you're using PHP, use php-fpm running each host under a different
user.  https://wp-root.org/server/install-php-fpm-tcp-unix-sockets-centos/

-- Steve