Apache Server is an open source WEB server, it is supported by the nonprofit Apache Software Foundation organizations, many of our web hosting, VPS, etc. will use the Apache server architecture environment, but any architectural environment will suffer all kinds of possible attacks , to detect security vulnerabilities, SQL injection, a variety of denial of service attacks.
As part of our VPS / server users, we need to do more to ensure the safety of the backup data on the server site, and secondly to be seen at any time to monitor the movements of our servers, three to need to focus on a variety of scripts to update the latest security vulnerabilities, as an application-based means, we need to ensure that Apache based security settings to ensure the security of the server from the foundation.
First, regularly updated system
First, we need to make sure that have the latest versions and security patches and additional Apache as CGI, Perl and PHP script code installation. We need to regularly update the data source dependencies operations.
# Ubuntu/Debianapt-get update; apt-get dist-upgrade# Fedora/Centos/RedHatyum update
Choose according to their own system environment upgrade of command.
Second, to set up and protect our SSH security
After we get the VPS, we proposed to amend the port, ROOT password, and authorized a separate non ROOT user rights management, or the way we log in SSH client key management VPS can also be used. For example, you can refer to "Setting the Putty SSH baby naming book http://www.bbqmw.net/qm_bbqmbd/ Login using Linux VPS master key" and "Xshell key login settings to ensure Linux VPS and server more secure," the article set the key landing .
Third, disable unused services
To ensure that our Web server security, we recommend that you check all open ports and services running on the server, we do not need to disable all services on the server.
# To show all services --status-All Service
# Display all port rules -L iptables
# displays all operating information (redhat / centos / fedora) chkconfig --list
whether /etc/init.d # check suspicious script ls /etc/init.d
Fourth, disable unnecessary Apache module
By default, Apache many modules are open, but some do not need to use, we can close and streamlined. For example, previously had shared the "6 steps to achieve CentOS system environment to streamline optimization" and "4 steps to achieve Debian system environment to streamline optimization" can effectively improve the efficiency reduce the occupancy rate of resources.
A - Ubuntu/Debian
cat /etc/apache2/mods-enabled/* | grep -i loadmodule
Open module
a2enmod module_name
Close module
a2dismod module_name
B - Centos/Fedora/RedHat
cat /etc/httpd/conf/httpd.conf | grep -i LoadModule
Edit the httpd.conf file LoadModule search keywords, be closed in front with the # Notes can be saved, then remove the reverse start #
Fifth, allow Apache to specified users and groups to run
Most default Apache using the default user and group apache, in order to ensure safety, we can use a different user / group. Assume you run a mail server as the nobody user, you use the same user running Apache. If your mail server is compromised, your Apache will also be affected. For example, we are running as root, if there is a security risk, then the whole system will be in great risk. To check / change user / group, edit the httpd.conf file.
#Fedora/Centos/Redhatvi /etc/httpd/conf/httpd.conf#Ubuntu/Debianvi /etc/apache2/httpd.conf
We can use the default user group, you can also create a new user / group.
Copy the code follows the code:
the User Apache
Group Apache
Sixth, prevent information leakage
After you install the default Apache default page will be reflected in the port, version information, we need to hide the information.