Linux

Security apache2 , mysql and php

Standard

security php,mysql,apache2

//
Just distributions of Debian.
//THIS TUTORIAL IS ONLY PART.

This tutorial is in addition to the tutorial “https://psgcenter.wordpress.com/2014/08/10/how-to-create-your-own-linux-server-hosting/” .

Let’s start.

1.
Type

nano /etc/apache2/apache2.conf

Added at the end like this:

ServerSignature Off
ServerTokens Prod

After that add:

<Directory /var/www/html>
Options -Indexes
</Directory>

In the same file we add:

Options -FollowSymLinks

Let’s get to Mysql
Type

nano /etc/mysql/my.cnf

Added at the end

set-variable=local-infile=0

Now to PHP
Type

rm /etc/php5/sqlite3.ini

Dam to disable dangerous functions:

disable_functions =exec,passthru,shell_exec,system,proc_open,popen,c url_exec,curl_multi_exec,parse_ini_file,show_sourc e

Anti backdooring :

 nano /etc/php5/security.ini

and add

cgi.force_redirect=On

Now go in / var / www and create an htaccess file and add this in it: (SQL injection and XSS is anti)

ServerSignature Off
Options -Indexes
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F,L]
RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clsh ttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00). *(libwwwperl|wget|python|nikto|curl|scan|java|winh ttp|HTTrack|clshttp|archiver|loader|email|harvest| extract|grab|miner[.completati cu alte scannere......]) [NC,OR]
RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|cre ate|char|convert|alter|declare|order|script|set|md 5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F,L]

How to create your own Linux server hosting

Image

[!! Sorry for bad english !!]
[!! Sorry for bad english !!]
[!! Sorry for bad english !!]
[!! Sorry for bad english !!]
[!! Sorry for bad english !!]
How to turn your own Linux server hosting.
this tutorial is just for Debian/Ubuntu
In this tutorial the next transformation in web hosting will show you how to
install a cPanel like host 000webhost and other companies, the https site.
// PS sitetau.com replace it with the address of your website

1.Intai and First, install apache2.
What is Apache?
The Apache HTTP Server, commonly referred to as Apache  is a web server application notable for playing a key role in the initial growth of the World Wide Web. Originally based on the NCSA HTTPd server, development of Apache began in early 1995 after work on the NCSA code stalled. Apache quickly overtook NCSA HTTPd as the dominant HTTP server, and has remained the most popular HTTP server in use since April 1996. In 2009, it became the first web server software to serve more than 100 million websites.

If you have your desktop environment before entering the terminal type is below. [sitetau.com Instead add your site address]
apt-get install apache2

Create a new folder [sitetau.com Instead add your website address
mkdir -p /var/www/sitetau.com/web

We guarantee the web folder permissions [sitetau.com Instead add your site address]
chown -R $USER:$USER /var/www/sitetau.com/web

Garate permissions and the / var / www
sudo chmod -R 755 /var/www

Now to create an index for the main page of the site. [Sitetau.com Instead add your site address]
nano /var/www/sitetau.com/web/index.html

Here we write what we want, we’ll give you an example:

<html>
<head><title>It works</title></head>
<body>
<h3>It works</h3>
<p>text text text</p>
</body>
</html>

Okay, now it “in the system / setup”. [Instead of sitetau.com add your site address]
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/sitetau.com

Now add the site apache2 to him “read”. [Sitetau.com Instead add your site address]
nano /etc/apache2/sites-available/sitetau.com

And look where it says ServerAdmin and under it add: [sitetau.com Instead add your site address]
ServerName sitetau.com

PS Take care all at the same step look at and see to be so DocumentRoot path site [sitetau.com Instead add your site address]
DocumentRoot/var/www/sitetau.com/web

The last step is to start webhost:
a2ensite sitetau.com

2.UPGRADE
To be as a professional webhost to install PHP5 and MySQL.

installing MySQL
apt-get install mysql-server

installing PHP5
apt-get install php5 libapache2-mod-php5
Now reboot
/etc/init.d/apache2 restart

3.SSL[HTTPS]
Run this command for install apache library ssl-cert
apt-get install apache2 ssl-cert

make a directory for certificate
mkdir -p /etc/apache2/ssl

Now install certificate

sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

Edit this file
nano /etc/apache2/ssl/apache.pem

And delete # from Listen 443 .

Edit again
nano /etc/apache2/apache2.conf

add at the end:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem

and add this options for minimal apache security

ServerSignature Off
ServerTokens Prod
<Directory /var/www/html>
Options -Indexes
Options -FollowSymLinks
</Directory>

Now active rewrite mod
a2enmod rewrite

Now reboot apache

/etc/init.d/apache2 restart

to force show https add this code in .htacces

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

4.cPanel

Run this command for download webmin
wget http://prdownloads.sourceforge.net/webadmin/webmin_1.690_all.deb

Install package
dpkg –install webmin_1.690_all.deb

Install library for perl and python .
apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python

THIS IS webmin!
Now go to yoursite.com:10000 for view cpanel .
I’ll come back with a tutorial that will show you how to secure linux server, apache, php and mysql