


Network security reinforcement techniques for building web servers under CentOS 7
Web servers are a core part of the modern Internet, so protecting them matters. Hardening network security reduces risk and helps avoid potential attacks. This article introduces network security hardening techniques commonly used when building web servers on CentOS 7 and provides corresponding code examples.
- Update system and software
First, make sure your system and software are up to date. You can use the following command to update software packages on CentOS 7:
sudo yum update
- Turn off unnecessary services
To improve the security of the system, turn off services you do not need. Use the following command to view the services that are currently enabled:
sudo systemctl list-unit-files --type=service | grep enabled
As needed, you can use the following command to stop and disable the corresponding service. For example, if you do not need to use the FTP server, you can stop and disable vsftpd:
sudo systemctl stop vsftpd
sudo systemctl disable vsftpd
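To make this review repeatable, the following added example (not part of the original article) filters the output of the listing command against an allowlist and prints every enabled service that is not on it. The ALLOWLIST contents and the sample output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: report enabled services that are not on a reviewed allowlist.
# ALLOWLIST is an assumption for a minimal Nginx host; adjust it to your build.
ALLOWLIST="auditd chronyd crond firewalld getty nginx rsyslog sshd"

# Reads `systemctl list-unit-files --type=service` output on stdin and prints
# every enabled service (without its .service suffix) missing from ALLOWLIST.
unexpected_services() {
    awk -v allow="$ALLOWLIST" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $2 == "enabled" && $1 ~ /\.service$/ {
            name = $1
            sub(/\.service$/, "", name)
            sub(/@$/, "", name)     # template units such as getty@.service
            if (!(name in ok)) print name
        }'
}

# Constructed sample of the command output, so the example runs offline.
sample_units() {
    cat <<'EOF'
UNIT FILE                 STATE
crond.service             enabled
firewalld.service         enabled
getty@.service            enabled
nginx.service             enabled
postfix.service           enabled
sshd.service              enabled
tuned.service             disabled
vsftpd.service            enabled

8 unit files listed.
EOF
}

# On a live host:
#   systemctl list-unit-files --type=service | unexpected_services
sample_units | unexpected_services
```

Each name it prints is a candidate for the stop and disable commands shown above, once you have confirmed nothing on the host depends on it.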
- Configuring the firewall
Configuring the firewall is one of the important measures to protect the web server. On CentOS 7, firewalld can be used to manage firewalls. Here are some commonly used firewall rules:
Allow HTTP and HTTPS traffic into the server:
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
Allow SSH connections into the server:
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
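Limit the number of inbound connections:
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" accept limit value="5/m"'
sudo firewall-cmd --reload
In rich-rule syntax the limit belongs to the action, so it is written after accept. The rule names no service or port, so it matches IPv4 traffic to any port and accepts it at up to five matches per minute; traffic above that rate falls through to the remaining rules, which means the http, https and ssh services allowed above are not throttled by it.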
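To confirm what the zone actually permits after these commands, the following added example (not part of the original article) parses `firewall-cmd --list-all` output and flags services outside an expected set, raw open ports, and rich rules that accept traffic without naming a service, port or protocol. EXPECTED_SERVICES and the sample output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit what a firewalld zone really permits.
# EXPECTED_SERVICES is an assumption matching the services opened above.
EXPECTED_SERVICES="http https ssh"

# Reads `firewall-cmd --list-all` output on stdin and prints one finding per
# line: services outside EXPECTED_SERVICES, raw open ports, and rich rules
# that accept traffic without naming a service, port or protocol.
audit_zone() {
    awk -v want="$EXPECTED_SERVICES" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
        $1 == "services:" {
            for (i = 2; i <= NF; i++) if (!($i in ok)) print "extra-service " $i
        }
        $1 == "ports:" {
            for (i = 2; i <= NF; i++) print "open-port " $i
        }
        $1 == "rule" && / accept/ && !/ (service|port|protocol) / {
            rule = $0
            sub(/^[ \t]+/, "", rule)
            print "accept-any-port " rule
        }'
}

# Constructed sample of the command output, so the example runs offline.
sample_zone() {
    cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client http https ssh
  ports: 8080/tcp
  masquerade: no
  forward-ports:
  rich rules:
    rule family="ipv4" source address="0.0.0.0/0" accept limit value="5/m"
    rule family="ipv4" service name="ssh" accept limit value="5/m"
EOF
}

# On a live host: sudo firewall-cmd --list-all | audit_zone
sample_zone | audit_zone
```

An empty result means the zone exposes only the expected services; each printed line is something to justify or remove.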
- Use HTTPS to encrypt communication
HTTPS is a security protocol that protects communications between web servers and clients by using SSL or TLS encryption mechanisms. You can use the Certbot tool to automatically generate and configure an SSL certificate for your website. The following are sample commands to install and configure Certbot on CentOS 7:
First, install Certbot and the Certbot Nginx plugin (on CentOS 7 both packages come from the EPEL repository, which must be enabled first):
sudo yum install certbot python2-certbot-nginx
Then, enable SSL for your website:
sudo certbot --nginx
- Installing and Configuring Web Application Firewall
Web Application Firewall (WAF) can detect and block attacks against web applications. On CentOS 7, ModSecurity is a commonly used WAF tool. The following are sample commands to install and configure ModSecurity on CentOS 7:
First, install the ModSecurity and Nginx modules:
sudo yum install mod_security mod_security_crs nginx-mod-http-modsecurity
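Then, enable ModSecurity by switching the rule engine from detection-only to blocking mode. Note that /etc/httpd/conf.d/mod_security.conf is the configuration file of the Apache httpd mod_security package; if Nginx loads its ModSecurity rules from a different file, make the same change there: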
sudo sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/httpd/conf.d/mod_security.conf
Finally, restart Nginx:
sudo systemctl restart nginx
- Configure login protection
In order to protect the login page of the web server, you can restrict the IP addresses that access the login page. The following is sample code to configure login protection using Nginx:
Edit the Nginx configuration file:
sudo nano /etc/nginx/nginx.conf
Add the following code in the "http" block:
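geo $limited_access {
    # geo matches the client address against single IPs and CIDR ranges
    # (map cannot match CIDR ranges); 0 = allowed, 1 = blocked
    default        1;
    192.168.1.1    0;
    10.0.0.0/24    0;
}

server {
    ...
    location /login {
        # reject clients outside the allowed addresses
        # (allow/deny do not accept variables, so test the geo result instead)
        if ($limited_access) {
            return 403;
        }
        # allowed addresses must still authenticate
        auth_basic "Restricted Access";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}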
Save the file and exit the editor. Then create a username and password for authenticating login (the htpasswd utility is provided by the httpd-tools package):
sudo htpasswd -c /etc/nginx/.htpasswd username
Finally, restart Nginx:
sudo systemctl restart nginx
This article introduces network security reinforcement techniques commonly used when building web servers under CentOS 7. You can improve your web server's network security by updating your system and software, turning off unnecessary services, configuring firewalls, encrypting communications using HTTPS, installing and configuring web application firewalls, and configuring login protection. Hope the above tips are helpful to you.