SECURITY

Things to be considered before configuring apache server.


1.Hiding Apache version and OS information:

Apache displays its version and the name of the operating system in errors. A hacker can use this information to launch an attack. so server administration must hide the server signature. This can be with following command


vim /etc/httpd/conf/httpd.conf

>Go to the above directory


ServerSignature Off

>Off the default signature


service httpd restart

>restart the server to take effect the changes


2.Disable Directory Listing

If /var/www/ don’t have the index file then webserver shows the document root directory

This feature could be turn off for a specific directory through “options directive” available in the Apache configuration file.


<Directory /var/www/html>

Options -Indexes

</Directory>


3.Restricting Access to files outside the root directory

Configure the file like given below:

<Directory/>

Options None

AllowOverride None

Order deny,allow

Deny from all

</Directory>

This will not allow user to access outside the web root directory


HOW TO INSERT RESTRICTION.

To view the current iptables configuration

iptables -L


How to block all connections from a specific IP Address.

iptables -A INPUT -s (ip address) -j DROP

e.g.: iptables -A INPUT -s 192.168.1.22 -j DROP


How to block all of the IP Addresses in the 192.168.1.1/24 network range.

Standard method: iptables -A INPUT -s 192.168.1.1/24 -j DROP

OR

Netmask method: iptables -A INPUT -s 192.168.1.1/255.255.255.0 -j DROP


How to block SSH connections from any IP address.

iptables -A INPUT -p tcp --dport ssh -j DROP


How to block SSH connections from a specific IP Address.

iptables -A INPUT -p tcp --dport ssh -s 10.10.10.10 -j DROP

For tcp protocol use -p tcp

& for udp protocol use -p udp


The changes that you make to your iptables rules will be scrapped the next time that the iptables service gets restarted unless you execute a command to save the changes


For Ubuntu:

sudo /sbin/iptables-save


Red Hat / CentOS:

/sbin/service iptables save

Or

/etc/init.d/iptables save


To clear all the currently configured rules:

iptables -F

© 2014 HaKTuts. All rights reserved.