Home >Operation and Maintenance >Linux Operation and Maintenance >Security precautions for building a web server on CentOS
Security Precautions for Building a Web Server on CentOS
With the development of the Internet, the construction of Web servers has become more and more common. As a common operating system, CentOS provides many convenient tools and functions when building a web server. However, security is an important factor that any web server must consider. This article will introduce some security issues that need to be paid attention to when building a CentOS web server, and provide relevant code examples.
Update and upgrade:
Before setting up a web server, first make sure that the CentOS system has been updated and upgraded to the latest version. This can be achieved with the following command:
sudo yum update
This will update all packages for your CentOS system and patch any known security vulnerabilities.
Firewall configuration:
CentOS has a firewall enabled by default, but the default configuration may not be enough to provide adequate security. The following are some common firewall configuration examples:
sudo firewall-cmd --permanent --add-service=http sudo firewall-cmd --permanent --add-service=https sudo firewall-cmd --reload
sudo firewall-cmd --permanent --add-port=8888/tcp sudo firewall-cmd --reload
The commands in these examples are used to permanently add the corresponding port or service and reload the firewall configuration.
Remove unnecessary services:
CentOS will install some unnecessary services and software packages by default, and these services may pose security risks. All installed services can be listed through the following command:
sudo systemctl list-unit-files | grep enabled
According to actual needs, you can use the following command to disable unnecessary services:
sudo systemctl disable servicename
To completely remove a service, you can use the following Command:
sudo yum remove packagename
Web server configuration:
When building a Web server, you need to pay attention to the following configuration security precautions:
Modifying the SSH port can increase the security of the server. Edit the SSH configuration file /etc/ssh/sshd_config
and modify the Port
field, and then restart the SSH service.
Remote Root login is a potential security risk. Edit the SSH configuration file /etc/ssh/sshd_config
and modify the PermitRootLogin
field to no
, and then restart the SSH service.
Edit the /etc/login.defs
file and modify the following fields to set the password policy:
PASS_MAX_DAYS 90 PASS_MIN_DAYS 7 PASS_WARN_AGE 14
These fields respectively set the maximum validity period of the password, the minimum number of days for the password, and the number of warning days before the password expires.
In order to ensure the security of data transmission, it is recommended to use HTTPS protocol instead of HTTP protocol. Configuring the HTTPS protocol on CentOS requires installing an SSL certificate, etc.
Here is a simple example to configure the HTTPS protocol using Let's Encrypt free certificate.
First, install the certbot plugin through the following command:
sudo yum install certbot
Then, execute the following command to obtain the certificate and automatically configure the Apache server:
sudo certbot --apache
This will start the certificate application process, Follow the prompts to complete the configuration of the HTTPS protocol.
Through the above security precautions and related code examples, we can strengthen the security of building a web server on CentOS. However, security is an ongoing process that requires constant updates and vigilance to patch vulnerabilities in a timely manner to ensure server security.
The above is the detailed content of Security precautions for building a web server on CentOS. For more information, please follow other related articles on the PHP Chinese website!