Difference between revisions of ""Secure" Word Press on Amazon Linux"
Jump to navigation
Jump to search
Michael.mast (talk | contribs) |
Michael.mast (talk | contribs) |
||
| Line 8: | Line 8: | ||
<pre> | <pre> | ||
sudo yum -y update | sudo yum -y update | ||
| − | sudo yum -y install libselinux libselinux-utils selinux-policy-minimum selinux-policy-mls selinux-policy-targeted policycoreutils fail2ban httpd mysql mysql-server php | + | sudo yum -y install libselinux libselinux-utils selinux-policy-minimum selinux-policy-mls selinux-policy-targeted policycoreutils fail2ban httpd mysql mysql-server php php-mysql |
sudo sed -i 's/selinux=0/selinux=1\ security=selinux\ enforcing=1/' /etc/grub.conf | sudo sed -i 's/selinux=0/selinux=1\ security=selinux\ enforcing=1/' /etc/grub.conf | ||
sudo echo -e "ServerTokens Prod\nServerSignature Off" >> /etc/httpd/conf/httpd.conf | sudo echo -e "ServerTokens Prod\nServerSignature Off" >> /etc/httpd/conf/httpd.conf | ||
| Line 30: | Line 30: | ||
mysql -uroot -p | mysql -uroot -p | ||
</pre> | </pre> | ||
| − | + | *Grab Word Press and install in the appropriate location | |
| + | <pre> | ||
| + | wget https://wordpress.org/latest.tar.gz | ||
| + | mkdir build | ||
| + | cd build | ||
| + | tar -xf ../latest.tar.gz | ||
| + | mv wordpress /var/www/html/wordpress | ||
| + | </pre> | ||
| + | *There are many ways to make this work, I prefer vhosts and sub directories. | ||
| + | <pre> | ||
| + | echo -e "<VirtualHost *:80>\nDocumentRoot /var/www/html/wp-site\n</VirtualHost>" >> /etc/httpd/conf.d/vhost.conf | ||
| + | sudo apachectl graceful | ||
| + | </pre> | ||
| + | * | ||
<pre> | <pre> | ||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/html/wp-content/uploads/* | sudo chcon -R -t httpd_sys_rw_content_t /var/www/html/wp-content/uploads/* | ||
</pre> | </pre> | ||
Revision as of 09:55, 22 December 2017
These instructions follow my attempts for a generally "locked down" instance for running Word Press without losing sleep.
Version I am working with before updates
Linux ip-172-26-9-250 4.9.51-10.52.amzn1.x86_64 #1 SMP Fri Sep 29 01:16:19 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[1][2]
sudo yum -y update sudo yum -y install libselinux libselinux-utils selinux-policy-minimum selinux-policy-mls selinux-policy-targeted policycoreutils fail2ban httpd mysql mysql-server php php-mysql sudo sed -i 's/selinux=0/selinux=1\ security=selinux\ enforcing=1/' /etc/grub.conf sudo echo -e "ServerTokens Prod\nServerSignature Off" >> /etc/httpd/conf/httpd.conf sudo rm -f /etc/httpd/conf.d/welcome.conf sudo sed -i 's/expose_php\ =\ On/expose_php\ =\ off/' /etc/php.ini sudo chkconfig fail2ban on sudo chkconfig mysqld on sudo chkconfig httpd on sudo touch /.autorelabel sudo reboot
- After logging back in make sure services are started.
sudo service httpd status sudo service mysqld status sudo service fail2ban status
- Prepare MySQL for Word Press by creating a database.
sudo mysql_secure_installation mysql -uroot -p
- Grab Word Press and install in the appropriate location
wget https://wordpress.org/latest.tar.gz mkdir build cd build tar -xf ../latest.tar.gz mv wordpress /var/www/html/wordpress
- There are many ways to make this work, I prefer vhosts and sub directories.
echo -e "<VirtualHost *:80>\nDocumentRoot /var/www/html/wp-site\n</VirtualHost>" >> /etc/httpd/conf.d/vhost.conf sudo apachectl graceful
sudo chcon -R -t httpd_sys_rw_content_t /var/www/html/wp-content/uploads/*
