Install firewalld
# Install firewalld and make it the active host firewall, now and at boot.
sudo yum install firewalld
sudo systemctl start firewalld
sudo systemctl enable firewalld
# Confirm the service is active before changing any rules.
sudo systemctl status firewalld
# Allow web traffic (the http and https services) in the default zone.
# --permanent writes the stored configuration only; the running firewall is
# unchanged until the reload below.
# NOTE(review): when working over SSH, check that the ssh service is still
# allowed in the active zone before reloading.
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
# Review the stored configuration; every service or port listed that the host
# does not need is avoidable exposure.
sudo firewall-cmd --permanent --list-all
# Apply the stored configuration to the running firewall.
sudo firewall-cmd --reload
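# Edit the daemon configuration with root rights (the file is not writable by
# an ordinary user). sudoedit runs the editor itself unprivileged and installs
# the edited copy afterwards.
SUDO_EDITOR=nano sudoedit /etc/firewalld/firewalld.conf
# In the editor, set:
#   AllowZoneDrifting=no
# firewalld logs a warning while zone drifting is enabled and describes it as
# an insecure option. Restart the daemon so the new value is read.
sudo systemctl restart firewalld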
Follow this link for Additional Firewall-Cmd Commands
SELinux Permissions
# Each boolean below relaxes part of the SELinux confinement of the web server
# domain. Enable only the ones the application needs: switching all of them on
# removes most of the containment SELinux provides if the web server is
# compromised. -P makes the change persistent across reboots. Run as root.
# Current values can be inspected with: getsebool -a | grep httpd

# Lets httpd scripts and modules open outbound network connections
# (needed for reverse proxying or calling remote APIs).
setsebool -P httpd_can_network_connect 1
# Lets httpd map memory that is both writable and executable. This weakens a
# key exploit mitigation; enable only for runtimes that cannot work without it.
setsebool -P httpd_execmem 1
# Lets httpd change its own resource limits.
setsebool -P httpd_setrlimit 1
# Lets httpd send mail.
setsebool -P httpd_can_sendmail 1
# PAM authentication for Apache. NOTE(review): allow_httpd_mod_auth_pam looks
# like the older name of httpd_mod_auth_pam; only one of the two should be
# needed on a given release -- confirm with getsebool.
setsebool -P allow_httpd_mod_auth_pam 1
setsebool -P httpd_mod_auth_pam 1
# Lets httpd read user content.
setsebool -P httpd_read_user_content 1
# Relates to running Apache in OpenShift "stickshift" mode.
# NOTE(review): probably not needed on an ordinary web server.
setsebool -P httpd_run_stickshift 1
# Allows CGI script execution.
setsebool -P httpd_enable_cgi 1
# Treats all httpd content types alike, removing the separation between
# read-only, writable and executable web content.
setsebool -P httpd_unified 1
# Lets httpd read users' home directories.
setsebool -P httpd_enable_homedirs 1
FAIL2BAN
# Enable the EPEL repository first, then install fail2ban.
sudo yum -y install epel-release
sudo yum -y install fail2ban
# Start fail2ban at boot; the service itself is started further below, after
# the jail configuration has been written.
sudo systemctl enable fail2ban
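# fail2ban jail overrides. Local settings normally go in
# /etc/fail2ban/jail.local or a file under /etc/fail2ban/jail.d/, not in
# jail.conf, which package updates replace.
[DEFAULT]
# Ban duration in seconds: 360000 s is 100 hours. Use 3600 for a one-hour ban.
bantime = 360000
# A host is banned after maxretry failures within findtime seconds (one hour).
findtime = 3600
maxretry = 2
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
# NOTE(review): this replaces the firewalld-based ban action with direct
# iptables rules on a host that runs firewalld; confirm that bans are still
# enforced after a firewall reload.
banaction = iptables-multiport
# Addresses that are never banned. The trusted host is listed as a single
# address (/32): a /8 on a public address would exempt roughly 16.7 million
# addresses from banning.
ignoreip = 127.0.0.1/8 154.160.2.127/32
[sshd]
enabled = true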
# Start the service (needs root, like the sudo lines around it) and confirm
# that it is running.
systemctl start fail2ban
sudo systemctl status fail2ban
# Restart after every change to the jail configuration so it is re-read.
sudo systemctl restart fail2ban
# List the active jails, then show failure and ban counts for one jail.
sudo fail2ban-client status
sudo fail2ban-client status sshd
# The jails queried below are not defined in the configuration shown on this
# page (only [sshd] is enabled there); these calls fail unless the jails and
# their filters are defined elsewhere.
sudo fail2ban-client status wordpress
sudo fail2ban-client status wordpress2
sudo fail2ban-client status wordpress3
sudo fail2ban-client status http-get-post-dos
Install Letsencrypt
# Install the EPEL release package directly from a URL (EL8 build).
# NOTE(review): dnf does not check GPG signatures of packages given by path or
# URL unless localpkg_gpgcheck is enabled; where the distribution's own
# repositories carry it, `dnf install epel-release` is the verified route.
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# (for centos 8) dnf config-manager --set-enabled PowerTools
# NOTE(review): on later CentOS 8 releases the repository id appears to be
# lowercase `powertools` -- confirm with `dnf repolist --all`.
# Install certbot with the plugin for the web server in use: nginx OR Apache,
# not both.
sudo dnf install certbot python3-certbot-nginx
OR dnf install certbot python3-certbot-apache
certbot --version
# Obtain a certificate and let certbot edit the web server configuration.
# Run only the variant that matches the installed web server.
certbot --nginx
OR certbot --apache
# Renew every certificate that is close to expiry; `certbot renew --dry-run`
# tests the renewal path without replacing any certificate.
certbot renew
# List managed certificates with their domains and expiry dates.
certbot certificates
# certonly obtains the certificate but leaves the web server configuration
# untouched, for setups where the TLS settings are maintained by hand.
certbot certonly --apache
certbot certonly --nginx
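# Schedule renewal twice a day (00:00 and 12:00) as root. The python3 one-liner
# sleeps for a random time of up to one hour first, so renewals are spread out.
# The entry is appended only when /etc/crontab has no such job yet; appending
# unconditionally would add a duplicate job every time this line is run.
# NOTE(review): the certbot package may already ship its own renewal timer;
# check `systemctl list-timers` before adding a second scheduler.
sudo grep -qF 'certbot renew -q' /etc/crontab ||
  echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null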