cnbird's blog

Hardening guide for Apache 2.2.15 on RedHat 5.4 (64bit edition)

 

1. Log in to the server using the root account.
2. Create a new account:
groupadd apache
useradd -g apache -d /dev/null -s /bin/false apache
3. Mount RHEL 5.4 DVD, and move to the RPM folder:
mount /dev/hdc /media
cd /media/Server
4. Before compiling the Apache environment, install the following RPMs:
rpm -ivh kernel-headers-2.6.18-164.el5.x86_64.rpm
rpm -ivh glibc-headers-2.5-42.x86_64.rpm
rpm -ivh glibc-devel-2.5-42.x86_64.rpm
rpm -ivh gmp-4.1.4-10.el5.x86_64.rpm
rpm -ivh libgomp-4.4.0-6.el5.x86_64.rpm
rpm -ivh gcc-4.1.2-46.el5.x86_64.rpm
5. Copy the Httpd 2.2.15 source files using PSCP (or SCP) into /tmp
6. Move to /tmp
cd /tmp
7. Extract the httpd-2.2.15.tar.gz file:
tar -zxvf httpd-2.2.15.tar.gz
8. Move to the Apache source folder:
cd httpd-2.2.15
9. Run the commands below to compile the Apache environment:
./configure --prefix=/usr/local/apache2 --enable-so

make

make install
10. Remove the Apache source files:
rm -rf /tmp/httpd-2.2.15
rm -f /tmp/httpd-2.2.15.tar.gz
11. Remove the default content:
rm -rf /usr/local/apache2/cgi-bin
rm -rf /usr/local/apache2/htdocs
rm -rf /usr/local/apache2/icons
rm -rf /usr/local/apache2/man
rm -rf /usr/local/apache2/manual
rm -rf /usr/local/apache2/conf/extra
rm -rf /usr/local/apache2/conf/original
12. Update ownership and permissions on the Apache2 folders:
chown root:root /usr/local/apache2/bin/apachectl
chown root:root /usr/local/apache2/bin/httpd*
chmod 770 /usr/local/apache2/bin/apachectl
chmod 770 /usr/local/apache2/bin/httpd*
chown -R root:root /usr/local/apache2
chmod -R go-r /usr/local/apache2
chown -R root:root /usr/local/apache2/logs
chmod -R 700 /usr/local/apache2/logs
13. Create folder for the web content:
mkdir -p /www
14. Update ownership and permissions on the web content folder:
chown -R root /www
chmod -R 775 /www
15. Using vi, edit the file /usr/local/apache2/conf/httpd.conf and change the following strings:
From:
DocumentRoot "/var/www/html"
To:
DocumentRoot "/www"

From:
Listen 80
To:
Listen Server_FQDN:80

From:
ServerAdmin root@localhost
To:
ServerAdmin webmaster@mycompany.com

From:
#ServerName www.example.com:80
To:
ServerName Server_FQDN

From:
LogLevel warn
To:
LogLevel notice

From:
ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
To:
# ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"

From:
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>

To:
<Directory />
Options None
AllowOverride None
Order deny,allow
deny from all
</Directory>

From:
<Directory "/usr/local/apache2/htdocs">
To:
<Directory "/www">
<LimitExcept GET POST>
deny from all
</LimitExcept>

From:
Options Indexes FollowSymLinks
To:
Options -FollowSymLinks -Includes -Indexes -MultiViews

16. Add the following sections to the end of the httpd.conf file:
ServerSignature Off
ServerTokens Prod
Timeout 60
# Maximum size of the request body.
LimitRequestBody 10000
# Maximum number of request headers in a request.
LimitRequestFields 40
# Maximum size of request header lines.
LimitRequestFieldSize 4094
# Maximum size of the request line.
LimitRequestLine 500

17. Remove the sections below from the file httpd.conf:
<Directory "/usr/local/apache2/cgi-bin">
18. Using vi, edit the file /usr/local/apache2/include/ap_release.h and change the following strings:
From:
#define AP_SERVER_BASEVENDOR "Apache Software Foundation"
To:
#define AP_SERVER_BASEVENDOR "Restricted server"

From:
#define AP_SERVER_BASEPRODUCT "Apache"
To:
#define AP_SERVER_BASEPRODUCT "Secure Web Server"

19. Start Apache from the command line:
/usr/local/apache2/bin/apachectl start
20. To start the Apache service at server start-up, edit the file /etc/rc.local using vi and add the line below:
/usr/local/apache2/bin/apachectl start
21. Uninstall the following RPMs:
rpm -e gcc-4.1.2-46.el5
rpm -e libgomp-4.4.0-6.el5
rpm -e gmp-4.1.4-10.el5
rpm -e glibc-devel-2.5-42
rpm -e glibc-headers-2.5-42
rpm -e kernel-headers-2.6.18-164.el5
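
To confirm that the httpd.conf edits from steps 15 and 16 actually took effect, the file can be audited after the fact. The script below is an added example, not part of the original guide; the function names (active_value, audit_httpd_conf, sample_conf) and the sample configuration are constructed for illustration, and it reads a single file without following Include lines.

```shell
# Added example (not from the guide): audit an httpd.conf against steps 15 and 16.
# Print the last uncommented value of directive $2 in file $1 (name is case-insensitive).
active_value() {
    awk -v d="$2" 'BEGIN { d = tolower(d) }
        /^[ \t]*#/ { next }
        tolower($1) == d { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
        END { print v }' "$1"
}
# Print one FAIL line per finding; the return status is the number of findings.
audit_httpd_conf() {
    conf=$1; fails=0
    while read -r name want; do   # expected values exactly as the guide writes them
        got=$(active_value "$conf" "$name")
        [ "$got" = "$want" ] && continue
        echo "FAIL $name: want '$want', got '${got:-<unset>}'"; fails=$((fails + 1))
    done <<EOF
ServerSignature Off
ServerTokens Prod
Timeout 60
LimitRequestBody 10000
LimitRequestFields 40
LimitRequestFieldSize 4094
LimitRequestLine 500
LogLevel notice
EOF
    if [ -n "$(active_value "$conf" ScriptAlias)" ]; then   # step 15 comments it out
        echo "FAIL ScriptAlias is still active"; fails=$((fails + 1))
    fi
    # Flag any active Options line that enables a feature step 15 turns off.
    if awk '/^[ \t]*#/ { next }
            tolower($1) == "options" { for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^[+]?(indexes|followsymlinks|includes|multiviews)$/) bad = 1 }
            END { exit !bad }' "$conf"; then
        echo "FAIL Options enables a feature the guide disables"; fails=$((fails + 1))
    fi
    return "$fails"
}
# Constructed sample (not from the page): step 16 applied, step 15 only partly.
sample_conf() {
    printf '%s\n' 'ServerSignature Off' 'ServerTokens Prod' 'Timeout 60' \
        'LimitRequestBody 10000' 'LimitRequestFields 40' 'LimitRequestFieldSize 4094' \
        'LimitRequestLine 500' 'LogLevel warn' \
        'ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"' \
        '<Directory "/www">' 'Options Indexes FollowSymLinks' '</Directory>'
}
tmp=$(mktemp) && sample_conf > "$tmp"
audit_httpd_conf "$tmp" || echo "findings: $?"
rm -f "$tmp"
```

On the server built by this guide, the real file is checked with audit_httpd_conf /usr/local/apache2/conf/httpd.conf.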


Previous guides:
Hardening guide for Apache 2.0 on Solaris 10 platform
How to implement SSL on Apache 2.0
