Difference between revisions of "SELinux,Fail2ban,Security Configurations"

From Rhomicom Wiki
Jump to navigation Jump to search
m (Admin moved page Fail2ban to SELinux,Fail2ban,Security Configurations: Change of name)
Line 1: Line 1:
 +
 +
== Install firewalld ==
 +
  sudo yum install firewalld
 +
  sudo systemctl start firewalld
 +
  sudo systemctl enable firewalld
 +
  sudo systemctl status firewalld
 +
 +
  sudo firewall-cmd --permanent --add-service=http
 +
  sudo firewall-cmd --permanent --add-service=https
 +
  sudo firewall-cmd --permanent --list-all
 +
  sudo firewall-cmd --reload
 +
 +
  nano /etc/firewalld/firewalld.conf
 +
  <nowiki>#</nowiki> AllowZoneDrifting=no
 +
== SELinux Permissions ==
 +
  setsebool -P httpd_can_network_connect 1
 +
  setsebool -P httpd_execmem 1
 +
  setsebool -P httpd_setrlimit 1
 +
  setsebool -P httpd_can_sendmail 1
 +
  setsebool -P allow_httpd_mod_auth_pam 1
 +
  setsebool -P httpd_mod_auth_pam 1
 +
  setsebool -P httpd_read_user_content 1
 +
  setsebool -P httpd_run_stickshift 1
 +
  setsebool -P httpd_enable_cgi 1
 +
  setsebool -P httpd_unified 1
 +
  setsebool -P httpd_enable_homedirs 1
 
== FAIL2BAN ==
 
== FAIL2BAN ==
 
   sudo yum -y install epel-release
 
   sudo yum -y install epel-release

Revision as of 12:04, 30 January 2021

Install firewalld

 sudo yum install firewalld
 sudo systemctl start firewalld
 sudo systemctl enable firewalld
 sudo systemctl status firewalld

 sudo firewall-cmd --permanent --add-service=http
 sudo firewall-cmd --permanent --add-service=https
 sudo firewall-cmd --permanent --list-all
 sudo firewall-cmd --reload

 nano /etc/firewalld/firewalld.conf
 # AllowZoneDrifting=no

SELinux Permissions

 setsebool -P httpd_can_network_connect 1
 setsebool -P httpd_execmem 1
 setsebool -P httpd_setrlimit 1
 setsebool -P httpd_can_sendmail 1
 setsebool -P allow_httpd_mod_auth_pam 1
 setsebool -P httpd_mod_auth_pam 1
 setsebool -P httpd_read_user_content 1
 setsebool -P httpd_run_stickshift 1
 setsebool -P httpd_enable_cgi 1
 setsebool -P httpd_unified 1
 setsebool -P httpd_enable_homedirs 1

FAIL2BAN

 sudo yum -y install epel-release
 sudo yum -y install fail2ban
 sudo systemctl enable fail2ban

 [DEFAULT]
 # Ban hosts for one hour:
 bantime = 360000
 findtime = 3600
 maxretry = 2

 # Override /etc/fail2ban/jail.d/00-firewalld.conf:
 banaction = iptables-multiport
 ignoreip = 127.0.0.1/8 154.160.2.127/8

 [sshd]
 enabled = true

 phpinfo,
 sudo systemctl restart fail2ban
 sudo fail2ban-client status
 sudo fail2ban-client status sshd
 sudo fail2ban-client status wordpress
 sudo fail2ban-client status wordpress2
 sudo fail2ban-client status wordpress3
 sudo fail2ban-client status http-get-post-dos
Retrieved from "https://wiki.rhomicom.com/index.php?title=SELinux,Fail2ban,Security_Configurations&oldid=155"