
Web Server Security

And Toy Story.

  • Update frequently
  • Change passwords frequently, verify they are at least 8 characters long (lowercase and uppercase letters, numbers and symbols) and set up two-factor authentication
  • Verify that there is a firewall and DDoS protection
  • Configure the intrusion prevention system (enable mod_remoteip if used with a reverse proxy)
  • Hide the web server details
  • Scan the server files and go over the logs frequently
  • Use the root user only when required

Disallow root login over SSH. In /etc/ssh/sshd_config, use the directive:

PermitRootLogin no

Define which logs will be saved and where in the file /etc/rsyslog.conf.

Configure the intrusion prevention system Fail2ban:

  • Activate mod_remoteip (when behind a reverse proxy)
  • Create the /etc/fail2ban/jail.local file and add the settings, for example to enable the recidive and sshd jails:
[recidive]
enabled = true

[sshd]
enabled = true

Configure multiple log files:

logpath = /var/www/clients/client12/web*/log/access.log
          /var/www/clients/client13/web*/log/access.log

Unban an IP with the command:

fail2ban-client set sshd unbanip $IP

Hide the Apache web server details by adding the directives to /etc/apache2/apache2.conf:

ServerTokens Prod
ServerSignature Off

Hide the PHP details by adding the directive to php.ini:

expose_php = off
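
A check for the three settings above, as an added example that is not part of the original post. It accounts for which occurrence applies when a directive appears more than once: the first in sshd_config, the last in Apache and php.ini. The function names and sample file contents are assumptions, and files pulled in by Include directives are not followed.

```python
def sshd_effective(text, keyword):
    """sshd_config: the first value found for a keyword wins."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":  # per-user/host overrides start here
            break
        if parts[0].lower() == keyword.lower() and len(parts) > 1:
            return parts[1].lower()
    return None

def apache_effective(text, directive):
    """Apache: a later directive in the same scope overrides an earlier one."""
    value = None
    for line in text.splitlines():
        parts = line.split()
        if len(parts) > 1 and parts[0].lower() == directive.lower():
            value = parts[1].lower()
    return value

def php_effective(text, key):
    """php.ini: ';' starts a comment, the last assignment wins."""
    value = None
    for line in text.splitlines():
        name, sep, raw = line.split(";", 1)[0].partition("=")
        if sep and name.strip() == key:
            value = raw.strip().strip('"').lower()
    return value

def audit(sshd_text, apache_text, php_text):
    findings = []  # hypothetical helper: empty list means all checks passed
    if sshd_effective(sshd_text, "PermitRootLogin") != "no":
        findings.append("sshd_config: PermitRootLogin is not 'no'")
    if apache_effective(apache_text, "ServerTokens") != "prod":
        findings.append("apache2.conf: ServerTokens is not 'Prod'")
    if apache_effective(apache_text, "ServerSignature") != "off":
        findings.append("apache2.conf: ServerSignature is not 'Off'")
    if php_effective(php_text, "expose_php") not in ("off", "0", "false", "no"):
        findings.append("php.ini: expose_php is not off")
    return findings

# Constructed sample input (not from the page): each file sets a value twice.
SSHD = "#PermitRootLogin no\nPermitRootLogin yes\nPermitRootLogin no\n"
APACHE = "ServerTokens Prod\nServerSignature Off\nServerTokens OS\n"
PHP = "expose_php = On ; default\nexpose_php = off\n"

if __name__ == "__main__":
    print("\n".join(audit(SSHD, APACHE, PHP)))
```

On a live host, `sshd -T` prints the effective sshd configuration and is the authoritative check for PermitRootLogin.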

As you have probably noticed, Buster, Stretch, Jessie, and all the other Debian distribution code names are names of characters from the Toy Story movie, inspired by Bruce Perens, who worked at Pixar alongside his tenure as the Debian project leader.
