Difference between revisions of ""Secure" Word Press on Amazon Linux"
Jump to navigation
Jump to search
Michael.mast (talk | contribs) |
Michael.mast (talk | contribs) |
||
| Line 5: | Line 5: | ||
<br> | <br> | ||
<br> | <br> | ||
| + | <ref>https://www.tecmint.com/hide-apache-web-server-version-information/</ref><ref>https://www.tecmint.com/hide-php-version-http-header/</ref> | ||
<pre> | <pre> | ||
sudo yum -y update | sudo yum -y update | ||
sudo yum -y install libselinux libselinux-utils selinux-policy-minimum selinux-policy-mls selinux-policy-targeted policycoreutils fail2ban httpd mysql mysql-server php php_mysql | sudo yum -y install libselinux libselinux-utils selinux-policy-minimum selinux-policy-mls selinux-policy-targeted policycoreutils fail2ban httpd mysql mysql-server php php_mysql | ||
| − | sudo sed 's/selinux=0/selinux=1\ security=selinux\ enforcing=1/' /etc/grub.conf | + | sudo sed -i 's/selinux=0/selinux=1\ security=selinux\ enforcing=1/' /etc/grub.conf |
| − | sudo echo -e "ServerTokens Prod\nServerSignature Off" >> /etc/httpd/ | + | sudo echo -e "ServerTokens Prod\nServerSignature Off" >> /etc/httpd/conf/httpd.conf |
| + | sudo rm -f /etc/httpd/conf.d/welcome.conf | ||
| + | sudo sed -i 's/expose_php\ =\ On/expose_php\ =\ off/' /etc/php.ini | ||
| + | sudo chkconfig fail2ban on | ||
| + | sudo chkconfig mysqld on | ||
| + | sudo chkconfig httpd on | ||
sudo touch /.autorelabel | sudo touch /.autorelabel | ||
sudo reboot | sudo reboot | ||
</pre> | </pre> | ||
| − | *After logging back in | + | *After logging back in make sure services are started. |
| − | + | <pre> | |
| + | sudo service httpd status | ||
| + | sudo service mysqld status | ||
| + | sudo service fail2ban status | ||
| + | </pre> | ||
| + | *Prepare MySQL for Word Press by creating a database. | ||
| + | <pre> | ||
| + | sudo mysql_secure_installation | ||
| + | mysql -uroot -p | ||
| + | </pre> | ||
<pre> | <pre> | ||
| − | |||
| − | |||
| − | |||
| − | |||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/html/wp-content/uploads/* | sudo chcon -R -t httpd_sys_rw_content_t /var/www/html/wp-content/uploads/* | ||
</pre> | </pre> | ||
Revision as of 09:41, 22 December 2017
These instructions follow my attempts for a generally "locked down" instance for running Word Press without losing sleep.
Version I am working with before updates
Linux ip-172-26-9-250 4.9.51-10.52.amzn1.x86_64 #1 SMP Fri Sep 29 01:16:19 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[1][2]
sudo yum -y update sudo yum -y install libselinux libselinux-utils selinux-policy-minimum selinux-policy-mls selinux-policy-targeted policycoreutils fail2ban httpd mysql mysql-server php php_mysql sudo sed -i 's/selinux=0/selinux=1\ security=selinux\ enforcing=1/' /etc/grub.conf sudo echo -e "ServerTokens Prod\nServerSignature Off" >> /etc/httpd/conf/httpd.conf sudo rm -f /etc/httpd/conf.d/welcome.conf sudo sed -i 's/expose_php\ =\ On/expose_php\ =\ off/' /etc/php.ini sudo chkconfig fail2ban on sudo chkconfig mysqld on sudo chkconfig httpd on sudo touch /.autorelabel sudo reboot
- After logging back in make sure services are started.
sudo service httpd status sudo service mysqld status sudo service fail2ban status
- Prepare MySQL for Word Press by creating a database.
sudo mysql_secure_installation mysql -uroot -p
sudo chcon -R -t httpd_sys_rw_content_t /var/www/html/wp-content/uploads/*
