Part of having a secure website is minimizing the information that we share with everytone. Also, we need to look over what modules are running and interacting with what applications. A lot of work shall be done in this procedure and not just turning modules on and off. We will be tweaking the modules behavior and function along with core functionality that can really harden a system beyond a hackers reach. We will be updating this page to include additional configurations to strengthen the sites security. Also, we need to look over what modules are running and interacting with what applications. The bulk of the work is really in this procedure. It does not just involve turning on or off modules; but instead heavy tweaking the modules behavior and function can really harden a system beyond a hackers reach from the Internet.
Comment/uncomment out the lines for each module listed in /etc/httpd/conf.modules.d/
To list all of the Apache modules running:
The commands below will install the necessary Modules for now. BTW mod_headers are installed and is enabled by default
yum install mod_ssl
yum install mod_session
The newly created sited should be enabled automatically if they were configured correctly and no command is necessary.
Do not forget to handle the IP defaulting to a web page if you disable the defaults. Do not use the Apache2 default page!
Comment out the content of the below mentioned files and if you want you can even rename them after doing so.
Add the following lines that are highlighed in blue to your httpd.conf file: <--- Change the lines in blue below
<Directory /> <--- Protect our system files - If you did not add this in the prior Step2b, you can add it globally here
Require all denied
We could put all of Security Header settings in this file, but I highly do not recommend it on a Server that hosts numerous sites!
Locate and change: <--- Change the lines in blue below
Locate, find and change: <--- Change the line in blue below
expose_php = Off
Each process under event can contain multiple threads and each is capable of more than one task. This results in Apache having the lowest requirements when used with mpm_event.
We are using a configuration that requires us to address the higher load requirements.
Add the following settings in the httpd.conf file: <--- Add the lines in blue below
If this a Web server, email, DNS, and so forth, cut everything in half and MaxMemFree minimum of 4096 - Which is 4 megs and alter as necessary.
systemctl restart httpd