SELinux,Fail2ban,Security Configurations
Jump to navigation
Jump to search
Install firewalld
sudo yum install firewalld sudo systemctl start firewalld sudo systemctl enable firewalld sudo systemctl status firewalld
sudo firewall-cmd --permanent --add-service=http sudo firewall-cmd --permanent --add-service=https sudo firewall-cmd --permanent --list-all sudo firewall-cmd --reload
nano /etc/firewalld/firewalld.conf # AllowZoneDrifting=no
SELinux Permissions
setsebool -P httpd_can_network_connect 1 setsebool -P httpd_execmem 1 setsebool -P httpd_setrlimit 1 setsebool -P httpd_can_sendmail 1 setsebool -P allow_httpd_mod_auth_pam 1 setsebool -P httpd_mod_auth_pam 1 setsebool -P httpd_read_user_content 1 setsebool -P httpd_run_stickshift 1 setsebool -P httpd_enable_cgi 1 setsebool -P httpd_unified 1 setsebool -P httpd_enable_homedirs 1
FAIL2BAN
sudo yum -y install epel-release sudo yum -y install fail2ban sudo systemctl enable fail2ban
[DEFAULT] # Ban hosts for one hour: bantime = 360000 findtime = 3600 maxretry = 2
# Override /etc/fail2ban/jail.d/00-firewalld.conf: banaction = iptables-multiport ignoreip = 127.0.0.1/8 154.160.2.127/8
[sshd] enabled = true
phpinfo, sudo systemctl restart fail2ban sudo fail2ban-client status sudo fail2ban-client status sshd sudo fail2ban-client status wordpress sudo fail2ban-client status wordpress2 sudo fail2ban-client status wordpress3 sudo fail2ban-client status http-get-post-dos