Hello,
I need the experts' experiences with CentOS 8 as a web server. Which tools must be installed for hardening and monitoring a web server?
Please share your experiences.
Thank you.
Security practice for a web server.
Re: Security practice for a web server.
I am not sure about tools because these can be specific to a web server.
From a general security perspective, some advice:
- a web server must run under its own account and group, the account should not be able to log in to bash.
- a web server must run in SELinux confinement.
Usually what comes with CentOS (i.e. Apache) is already confined.
But if you install something from another source, like a new Tomcat 9, you will have to confine it yourself.
Otherwise it will be vulnerable to various attacks.
- logs need to be on a separate volume (different than /). Usually you should create a separate one for /var/log and one for /var/log/audit.
- a great tool for overall security is OpenSCAP
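
An added example (not part of the reply above) that turns its account, SELinux and log-volume points into checks. It assumes SELinux labels as printed by `ps -eZ` and treats `unconfined_t` and `unconfined_service_t` as unconfined; the function names, the `tomcat` account and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for the account, SELinux and log-volume advice.

# 0 if USER in passwd-format FILE exists and has a non-login shell.
has_nologin_shell() {  # FILE USER
    awk -F: -v u="$2" '$1 == u { found = 1; if ($7 ~ /\/(nologin|false)$/) ok = 1 }
        END { exit !(found && ok) }' "$1"
}

# 0 if the SELinux LABEL (user:role:type:level) carries a confined type.
is_confined() {  # LABEL
    domain=$(printf '%s\n' "$1" | cut -s -d: -f3)
    case "$domain" in
        ''|unconfined_t|unconfined_service_t) return 1 ;;
        *) return 0 ;;
    esac
}

# 0 if DIR is a mount point of its own in /proc/mounts-format FILE.
is_own_volume() {  # FILE DIR
    awk -v d="$2" '$2 == d { hit = 1 } END { exit !hit }' "$1"
}

# Print one FAIL line per finding, then a summary line.
audit() {  # PASSWD_FILE USER LABEL MOUNTS_FILE
    fails=0
    has_nologin_shell "$1" "$2" || { echo "FAIL: $2 is missing or has a login shell"; fails=$((fails + 1)); }
    is_confined "$3" || { echo "FAIL: $2 runs unconfined ($3)"; fails=$((fails + 1)); }
    for d in /var/log /var/log/audit; do
        is_own_volume "$4" "$d" || { echo "FAIL: $d is not a separate volume"; fails=$((fails + 1)); }
    done
    echo "$2: $fails finding(s)"
}

# Constructed sample data (not from a real host).
write_samples() {  # DIR
    printf '%s\n' 'apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin' \
        'tomcat:x:1001:1001::/opt/tomcat:/bin/bash' > "$1/passwd"
    printf '%s\n' '/dev/mapper/cl-root / xfs rw 0 0' \
        '/dev/mapper/cl-log /var/log xfs rw 0 0' > "$1/mounts"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit "$tmp/passwd" apache system_u:system_r:httpd_t:s0 "$tmp/mounts"
audit "$tmp/passwd" tomcat system_u:system_r:unconfined_service_t:s0 "$tmp/mounts"
rm -rf "$tmp"
```

On a live host, pass `/etc/passwd`, the label column of `ps -eZ` for the server process, and `/proc/mounts` instead of the sample files.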