Security precautions for building a web server on CentOS

Security Precautions for Building a Web Server on CentOS

With the development of the Internet, the construction of Web servers has become more and more common. As a common operating system, CentOS provides many convenient tools and functions when building a web server. However, security is an important factor that any web server must consider. This article will introduce some security issues that need to be paid attention to when building a CentOS web server, and provide relevant code examples.

1. Update and upgrade:
   Before setting up a web server, first make sure that the CentOS system has been updated and upgraded to the latest version. This can be achieved with the following command:

   sudo yum update

   This will update all packages for your CentOS system and patch any known security vulnerabilities.

2. Firewall configuration:
   CentOS has a firewall enabled by default, but the default configuration may not be enough to provide adequate security. The following are some common firewall configuration examples:

   • Enable HTTP protocol port (80) and HTTPS protocol port (443):

   sudo firewall-cmd --permanent --add-service=http
   sudo firewall-cmd --permanent --add-service=https
   sudo firewall-cmd --reload

   • Enable other customizations Port:

   sudo firewall-cmd --permanent --add-port=8888/tcp
   sudo firewall-cmd --reload

   The commands in these examples are used to permanently add the corresponding port or service and reload the firewall configuration.

3. Remove unnecessary services:
   CentOS will install some unnecessary services and software packages by default, and these services may pose security risks. All installed services can be listed through the following command:

   sudo systemctl list-unit-files | grep enabled

   According to actual needs, you can use the following command to disable unnecessary services:

   sudo systemctl disable servicename

   To completely remove a service, you can use the following Command:

   sudo yum remove packagename

4. Web server configuration:
   When building a Web server, you need to pay attention to the following configuration security precautions:

   • Modification Default SSH port:

   Modifying the SSH port can increase the security of the server. Edit the SSH configuration file /etc/ssh/sshd_config and modify the Port field, and then restart the SSH service.

   • Disable remote Root login:

   Remote Root login is a potential security risk. Edit the SSH configuration file /etc/ssh/sshd_config and modify the PermitRootLogin field to no, and then restart the SSH service.

   • Configure a secure password policy:

   Edit the /etc/login.defs file and modify the following fields to set the password policy:

   PASS_MAX_DAYS   90
   PASS_MIN_DAYS   7
   PASS_WARN_AGE   14

   These fields respectively set the maximum validity period of the password, the minimum number of days for the password, and the number of warning days before the password expires.

   • Use HTTPS protocol:

   In order to ensure the security of data transmission, it is recommended to use HTTPS protocol instead of HTTP protocol. Configuring the HTTPS protocol on CentOS requires installing an SSL certificate, etc.

   Here is a simple example to configure the HTTPS protocol using Let's Encrypt free certificate.

   First, install the certbot plugin through the following command:

   sudo yum install certbot

   Then, execute the following command to obtain the certificate and automatically configure the Apache server:

   sudo certbot --apache

   This will start the certificate application process, Follow the prompts to complete the configuration of the HTTPS protocol.

Through the above security precautions and related code examples, we can strengthen the security of building a web server on CentOS. However, security is an ongoing process that requires constant updates and vigilance to patch vulnerabilities in a timely manner to ensure server security.

The above is the detailed content of Security precautions for building a web server on CentOS. For more information, please follow other related articles on the PHP Chinese website!