Wednesday, April 27, 2022

How To Harden Apache Web Server on Rocky Linux 8.5

 in This Tutorial you will Learn " How To Secure and Harden Your Apache Web Server On Rocky Linux 8.5 "  

Apache is one of the most widely-used and popular web servers. It is also one of the most secure web servers available.
Apache is a popular web server used by millions of websites all over the world. As a result, they are often prey to security vulnerabilities and attacks. It is important to secure your Apache server against malicious attacks.
_________________________________________________________________________________________
Server - Os:  Rocky Linux 8.5  64Bit      |    IP -192.168.1.20        |     Hostname - www.primaryhost.com
_________________________________________________________________________________________
cat /etc/system-release ; httpd -v
_________________________________________________________________________________________
1. Hide Apache Server Name
gedit  /etc/httpd/conf/httpd.conf &>/dev/null
ServerSignature Off
ServerTokens Prod
apachectl configtest
_________________________________________________________________________________________
2. Turn Off Directory Listing
gedit  /etc/httpd/conf/httpd.conf &>/dev/null
<Directory /var/www/html/>
    Options -Indexes
    AllowOverride None
    Require all granted
</Directory>
apachectl configtest
________________________________________________________________________________________
3. Disable Unnecessary Modules-
grep LoadModule /etc/httpd/conf.modules.d/00-base.conf
gedit /etc/httpd/conf.modules.d/00-base.conf &>/dev/null
#LoadModule info_module modules/mod_info.so
#LoadModule userdir_module modules/mod_userdir.so
_________________________________________________________________________________________
4.Disable Symlinks-
gedit  /etc/httpd/conf/httpd.conf &>/dev/null
Options -Indexes -FollowSymLinks
apachectl configtest
_________________________________________________________________________________________
5. Disable SSI & CGI Execution
gedit  /etc/httpd/conf/httpd.conf &>/dev/null
Options -Indexes -FollowSymLinks -ExecCGI -Includes
apachectl configtest
_________________________________________________________________________________________
6. Protect from Clickjacking
gedit  /etc/httpd/conf/httpd.conf &>/dev/null
Header append X-FRAME-OPTIONS "SAMEORIGIN"
apachectl configtest
_________________________________________________________________________________________
7. Disable ETags
gedit  /etc/httpd/conf/httpd.conf &>/dev/null
FileETag None
apachectl configtest
_________________________________________________________________________________________
8. Protect from XSS attacks.
gedit  /etc/httpd/conf/httpd.conf &>/dev/null
<IfModule mod_headers.c>
    Header set X-XSS-Protection "1; mode=block"
</IfModule>
apachectl configtest
_________________________________________________________________________________________
systemctl daemon-reload ; systemctl restart httpd ; systemctl status httpd
_________________________________________________________________________________________





No comments:

Post a Comment