Security practice for a web server.

Posted: 2020/06/26 11:25:58
by hack3rcon
Hello,
I need the experts' experiences with CentOS 8 as a web server. Which tools must be installed for hardening and monitoring a web server?
Please share your experiences.

Thank you.

Re: Security practice for a web server.

Posted: 2020/07/04 17:40:30
by mm7
I am not sure about tools because these can be specific to a web server.

From a general security perspective, some advice:
- a web server must run under its own account and group, and the account should not be able to log in to bash.
- a web server must run in SELinux confinement.
Usually what comes with CentOS (i.e. Apache) is already confined.
But if you install something from a side, like a new Tomcat 9, you will have to confine it yourself.
Otherwise it will be vulnerable to various attacks.
- logs need to be on a separate volume (different than /). Usually you should create a separate one for /var/log and one for /var/log/audit.

- a great tool for overall security is OpenSCAP
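
An added example, not part of mm7's reply: a small audit script for the three checks listed above (service account without a login shell, SELinux-confined process, logs on their own volume). The sample passwd, `ps -eZ` and mount data are constructed, and the list of domains treated as unconfined is an assumption of this example.

```bash
#!/bin/bash
# Added example. Each check reads text on stdin, so it works on the constructed
# samples below or on a live host:
#   check_shell apache < /etc/passwd
#   ps -eZ | check_domain httpd
#   check_mount /var/log/audit < /proc/mounts

# "ok" when the account's shell is nologin/false, i.e. no interactive login.
check_shell() {   # $1 = account name; passwd-format text on stdin
    awk -F: -v u="$1" '$1 == u { found = 1; s = $7 }
        END { if (!found) print "missing";
              else if (s ~ /\/(nologin|false)$/) print "ok";
              else print "login-shell" }'
}

# "ok" when every process named $1 runs in a confined SELinux domain.
# Assumption: these three domains, or no label at all, count as unconfined.
check_domain() {  # $1 = command name; `ps -eZ` output on stdin
    awk -v c="$1" '$NF == c { n++; split($1, ctx, ":");
            if (ctx[3] == "" || ctx[3] ~ /^(unconfined_t|unconfined_service_t|initrc_t)$/) bad++ }
        END { if (!n) print "not-running";
              else if (bad) print "unconfined";
              else print "ok" }'
}

# "ok" when $1 is its own mount point rather than a directory on a parent volume.
check_mount() {   # $1 = path; /proc/mounts-format text on stdin
    awk -v p="$1" '$2 == p { f = 1 } END { print (f ? "ok" : "on-parent-volume") }'
}

# Constructed sample data (not taken from a real host).
SAMPLE_PASSWD='apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
tomcat:x:1001:1001::/opt/tomcat:/bin/bash'
SAMPLE_PS='LABEL                                      PID TTY    TIME CMD
system_u:system_r:httpd_t:s0              1201 ?  00:00:02 httpd
system_u:system_r:unconfined_service_t:s0 1377 ?  00:01:10 java'
SAMPLE_MOUNTS='/dev/mapper/cl-root / xfs rw,seclabel 0 0
/dev/mapper/cl-var_log /var/log xfs rw,seclabel 0 0'

for u in apache tomcat; do
    echo "shell  $u: $(printf '%s\n' "$SAMPLE_PASSWD" | check_shell "$u")"
done
for c in httpd java; do
    echo "domain $c: $(printf '%s\n' "$SAMPLE_PS" | check_domain "$c")"
done
for m in /var/log /var/log/audit; do
    echo "mount  $m: $(printf '%s\n' "$SAMPLE_MOUNTS" | check_mount "$m")"
done
```

On the sample data the packaged `httpd` passes, while the hand-installed `java` process and the `tomcat` account both fail, and `/var/log/audit` is reported as sharing its parent's volume.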