2020-08-31 (月) の 13:31 +0000 に Turritopsis Dohrnii Teo En Ming さんは書きました: > > SECTION 4 Disable SELinux (Security Enhanced Linux) > =================================================== > > You MUST disable SELinux, otherwise Apache web server will not work. > > If you DO NOT want to disable SELinux, you must be an expert in > SELinux to configure SELinux. > Don't do this. You don't need to be an expert to configure SELinux, if you install setroubleshootd then 9 times out of 10 it will tell you how to fix something SELinux is blocking, and when that doesn't work, there's always DuckDuckGo if you're not sure. SELinux may be daunting to a newcomer, but just like Apparmor on Debian, it's well worth reading about and learning the security advantages it provides. I always advise both security methods are left enabled where a distribution supports them. (not at the same time.....) > SECTION 5 Disable firewalld Software Firewall > ============================================= > > Because already protected by Fortigate firewall at the perimeter. > > # systemctl disable firewalld > > # reboot > > This is another big security no-no. Never disable the firewall, even if that system is behind another system. Configure the firewall correctly in all cases and have it enabled. After all, if someone breaks through your "Fortigate Firewall", your system will be wide open to anyone who gets inside. Honestly, I believe after reading this tutorial, your system would be wide open for easy attack and hijacking. Your tutorial is a little scary to read.. Just sayin... :-O. But keep studying and practising, and look deeper into the various ways to secure a system correctly, such as not installing/running things you don't need and not unnecessarily disabling things.