These are basic steps to secure your Apache-based web server. We are working with a CentOS 7 VM in this tutorial.
Change ssh default port number
Open the SSH configuration file and change the default port number 22 to 222 or any other port that is available.
Edit the fail2ban jail configuration (jail.local, which overrides jail.conf) and change the ssh port number to 222, which is the one we are using for SSH connections.
    vi /etc/fail2ban/jail.local

    [sshd]
    enabled = true
    port = 222
    #action = firewallcmd-ipset
    logpath = %(sshd_log)s
    maxretry = 5
    bantime = 86400
Start the service
Run the command below to see all banned IP addresses.
OSSEC Host Intrusion Detection system installation
Let's install OSSEC in local mode, meaning you are running only one OSSEC system and don't have dedicated servers to run it.
    yum install mysql-devel postgresql-devel gcc
    wget -U ossec https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz
    tar -zxvf ossec-hids-2.8.3.tar.gz
    cd ossec-hids-2.8.3
    ./install.sh
We accept pretty much all of the defaults. When asked what type of installation you want, choose local unless you run a dedicated OSSEC server.
We will now add our web root directory so it can be scanned for changes. We are assuming our webroot is located under /var/www/html. Note that OSSEC will need the same amount of space or more to create all of its diff files.
We will need to open ports for HTTP and HTTPS traffic, allow access via the alternative SSH port, and allow access for Nagios monitoring and OSSEC.
    firewall-cmd --zone=public --permanent --add-service=http
    firewall-cmd --zone=public --permanent --add-service=https
    firewall-cmd --zone=public --permanent --add-port=1514/udp   # OSSEC
    firewall-cmd --zone=public --permanent --add-port=5666/tcp   # Nagios monitoring
    firewall-cmd --zone=public --permanent --add-port=222/tcp    # alternative SSH port
    firewall-cmd --reload
Securing /tmp directory
In order to secure the /tmp directory, we created a separate 1 GB partition for it during install.
    fdisk -l

    Disk /dev/mapper/centos-tmp: 1048 MB, 1048576000 bytes, 2048000 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
We will be mounting the /tmp partition with the noexec, nosuid and nodev options from fstab.
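A check for the /tmp hardening described above, added here as an example (it is not part of the original tutorial): it reads fstab-format input and reports which of noexec, nosuid and nodev are missing for a mount point. The function names, the sample fstab and its xfs filesystem type are assumptions.

```sh
#!/bin/sh
# Added example (not from the original tutorial).
# Input is fstab-format text (/etc/fstab or /proc/mounts): field 2 is the
# mount point, field 4 the comma-separated mount options.
REQUIRED_OPTS="noexec nosuid nodev"

# missing_mount_opts FILE MOUNTPOINT   (FILE may be "-" for stdin)
# Prints the required options that are absent, or NOT_MOUNTED when the mount
# point has no entry. Exit status: 0 all present, 1 some missing, 2 no entry.
missing_mount_opts() {
    awk -v mp="$2" -v req="$REQUIRED_OPTS" '
        $1 ~ /^#/ || NF < 4 { next }          # skip comments and short lines
        $2 == mp { opts = $4; found = 1 }     # the last matching entry wins
        END {
            if (!found) { print "NOT_MOUNTED"; exit 2 }
            n = split(req, want, " ")
            split(opts, have, ",")
            for (i in have) seen[have[i]] = 1
            out = ""; sep = ""
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { out = out sep want[i]; sep = " " }
            print out
            exit (out == "" ? 0 : 1)
        }' "$1"
}

# Constructed sample: /tmp on its own volume but mounted without nodev.
# The xfs filesystem type is an assumption.
sample_fstab() {
    cat <<'EOF'
# /etc/fstab (constructed sample)
/dev/mapper/centos-root /     xfs  defaults        0 0
/dev/mapper/centos-tmp  /tmp  xfs  noexec,nosuid   0 0
EOF
}

# Demo on the sample. On a real host check both the persistent and the live
# settings: missing_mount_opts /etc/fstab /tmp; missing_mount_opts /proc/mounts /tmp
if missing=$(sample_fstab | missing_mount_opts - /tmp); then
    echo "/tmp: all required options present"
else
    echo "/tmp: missing or not mounted: $missing"
fi
```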
Secure web permissions
Assuming our webroot will be under /var/html/mysite, we will assign the following users and permissions to the web root directory.