Security practice for a web server.

Post by hack3rcon » 2020/06/26 11:25:58

Hello,
I need the experts' experiences with CentOS 8 as a web server. Which tools must be installed for hardening and monitoring a web server?
Please share your experiences.

Thank you.

Re: Security practice for a web server.

Post by mm7 » 2020/07/04 17:40:30

I am not sure about tools because these can be specific to a web server.

From a general security perspective, some advice:
- a web server must run under its own account and group; the account should not be able to log in to bash.
- a web server must run in SELinux confinement.
Usually what comes with CentOS (i.e. Apache) is already confined.
But if you install something from a side, like a new Tomcat 9, you will have to confine it yourself.
Otherwise it will be vulnerable to various attacks.
- logs need to be on a separate volume (different than /). Usually you should create a separate one for /var/log and one for /var/log/audit.

- a great tool for overall security is OpenSCAP
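
The three host-level points in the reply above (no login shell for the service account, SELinux confinement, logs on their own volumes) can be checked with a short script. This is an added example, not part of the original thread; the account and process names (apache, tomcat, httpd, java), the list of unconfined domain names and all sample data are constructed assumptions.

```shell
#!/bin/sh
# Each check reads text on stdin, so it runs on live output or saved samples.

# Account $1 exists and its shell is nologin/false. stdin: passwd(5) lines.
check_nologin() {
    awk -F: -v u="$1" '$1 == u { found = 1; ok = ($7 ~ /\/(nologin|false)$/) }
        END { exit !(found && ok) }'
}

# Every process named $1 runs in a confined domain. stdin: `ps -eZ` output.
# unconfined_service_t is what a systemd-started daemon without policy gets.
check_confined() {
    awk -v c="$1" '$NF == c { found = 1; split($1, ctx, ":")
            if (ctx[3] ~ /^(unconfined_t|unconfined_service_t|initrc_t)$/) bad = 1 }
        END { exit !(found && !bad) }'
}

# Path $1 is a mount point of its own. stdin: /proc/mounts format.
check_own_mount() {
    awk -v m="$1" '$2 == m { found = 1 } END { exit !found }'
}

# report LABEL CMD ARGS...: print PASS or FAIL for one check.
report() {
    label=$1; shift
    if "$@"; then echo "PASS $label"; else echo "FAIL $label"; fi
}

# Constructed sample data, not taken from a real host.
SAMPLE_PASSWD='apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
tomcat:x:1001:1001::/opt/tomcat:/bin/bash'
SAMPLE_PS='system_u:system_r:httpd_t:s0 1201 ? 00:00:02 httpd
system_u:system_r:unconfined_service_t:s0 1544 ? 00:01:10 java'
SAMPLE_MOUNTS='/dev/mapper/cl-root / xfs rw,relatime 0 0
/dev/mapper/cl-var_log /var/log xfs rw,nodev,nosuid,noexec 0 0'

audit_sample() {
    printf '%s\n' "$SAMPLE_PASSWD" | report "apache: no login shell" check_nologin apache
    printf '%s\n' "$SAMPLE_PASSWD" | report "tomcat: no login shell" check_nologin tomcat
    printf '%s\n' "$SAMPLE_PS" | report "httpd: SELinux-confined" check_confined httpd
    printf '%s\n' "$SAMPLE_PS" | report "java: SELinux-confined" check_confined java
    printf '%s\n' "$SAMPLE_MOUNTS" | report "/var/log: own volume" check_own_mount /var/log
    printf '%s\n' "$SAMPLE_MOUNTS" | report "/var/log/audit: own volume" check_own_mount /var/log/audit
}
audit_sample
```

On a live host the same functions take real input, for example `ps -eZ | check_confined httpd` or `check_own_mount /var/log/audit < /proc/mounts`.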
