Link utility VPS:
Logwatch: http://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers
ZRAM: https://wiki.debian.org/ZRam
Swapfile: https://wiki.archlinux.org/index.php/Swap
Apache:
– Virtual Host: https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-centos-7
– mod_userdir: http://www.techytalk.info/enable-userdir-apache-module-ubuntu-debian-based-linux-distributions/
.bashrc solo alla connessione ssh: http://superuser.com/a/355066
MariaDB: http://help.directadmin.com/item.php?id=44
Remi: http://ask.xmodulo.com/install-remi-repository-centos-rhel.html
PHP:
– php.ini vhost: https://www.howtoforge.com/how-to-specify-a-custom-php.ini-for-a-website-apache2-with-mod_php
– php-fpm:
– \ https://wiki.apache.org/httpd/PHP-FPM
– \ vhost: https://documentation.cpanel.net/display/CKB/Configure+PHP-FPM+with+User+Pools+for+EasyApache+4
– \ pool management: https://ma.ttias.be/a-better-way-to-run-php-fpm/
– \ .htaccess support: http://serverfault.com/questions/398834/understanding-apache-2-4-mod-proxy-fcgi-and-rewriterules-in-htaccess
– OPcache GUI: http://stackoverflow.com/questions/17224798/how-to-use-php-opcache
Link vari per hardening linux, server web:
SSH: http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
FirewallD: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7
Certificato SSL: http://www.startssl.com/
SSL: https://cipherli.st/
Apache:
– mod_security: http://xmodulo.com/harden-apache-web-server-mod_security-mod_evasive-centos.html
ProFTPd:
– http://www.techrepublic.com/article/lock-it-down-set-up-a-secure-ftp-server-with-proftpd/
– http://www.servercobra.com/bullet-proof-proftpd/
Fail2Ban: http://blog.iopsl.com/fail2ban-on-centos-7-to-protect-ssh-part-i/
Logwatch: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-logwatch-log-analyzer-and-reporter-on-a-vps
MariaDB: http://www.greensql.com/content/mysql-security-best-practices-hardening-mysql-tips
PHP: http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html
Kernel: http://linoxide.com/how-tos/linux-server-protection/
/tmp /dev/shm: http://www.chinabtp.com/dev-shm-proc-hardening/
factl: http://www.anchor.com.au/hosting/dedicated/Security_Hardening_of_an_Apache_Virtual_Host
Appunti hardening:
/tmp:dd if=/dev/zero of=/tmpfile bs=1M count=1024
mkfs.ext4 /tmpfile
chmod 444 /tmpfile
mount -o loop,rw,nodev,nosuid,noexec /tmpfile /tmp
chmod 1777 /tmp
ln -s /var/tmp /tmp
/etc/fstab append:
/tmpfile /tmp ext4 loop,rw,noexec,nosuid,nodev 0 0
ACL:setfacl -R --physical -m u:USER:rx,g::0,o:0,d:u:USER:rx,m:rx,d:m:rx,d:o:0 \
/home/USER/public_html