In this course, we teach about Apache web server hardening. We cover what web server hardening is and why it plays a crucial part in the process of running a web server. We go over several configurations we can perform to help secure our Apache web server as much as possible. In addition, we talk about the different kinds of vulnerabilities Apache is susceptible to. Apache HTTP Server is a free open-source web server that runs approximately 45% of today’s websites, which is why learning how to properly secure it is extremely important.
Web servers are in many cases located at the edges of networks, so they are exposed to attacks more frequently than other parts of networks. Web servers are always targeted with requests, both manually and automatically, through scripts. At the beginning of this course, we provide an introduction to web server hardening and teach how to properly install and configure an Apache server. All steps will be performed on Centos7, but we could use the same commands for other Linux operating systems. Keep in mind that the installation process is precisely where the process of server hardening begins. It is very important to conduct a proper installation and configuration in order to protect the server and make it less vulnerable. Remember that default settings are easily bypassed.
Moreover, we also cover how to configure a firewall correctly. We share some basic firewalld concepts and terms like zones, instances, firewalld commands, and blacklists. Subsequently, we present several other topics. For example, we dive into Security-Enhanced Linux (SELinux) and see why it is important to use it with Apache and how it benefits us. SELinux represents mandatory access controls (MAC), allowing fine-grain access controls for resources such as files, devices, networks, and inter-process communication. In many cases, administrators disable SELinux because it causes complications with Apache and there is not enough time to configure everything correctly in the system. This usually results in decreased security.
Some practical skills this course imprats are how to create automated scripts, manage apache directory access, perform log examination, and exploit a server using a well-known vulnerability: ShellShock. Automated scripts enable us to perform server and SELinux checks automatically, which is necessary when handling thousands or even millions of Apache instances at once. We create our own automated script for our needs, but we can always incorporate scripts written by others as well. We also create a capture file using the tcdump tool so we can recognize if there's anything suspicious going on in the system. If something suspicious is detected, we will then inspect the traffic in Wireshark.
Another covered is logs. Logging is essential in any system. We share how to configure our own log level for both general and specific traffic. By the end of this course, you will have a better understanding of the Apache server and be more aware of the dangers it's exposed to. You will also be able to set up and configure various parts of the system more securely, as well as search for potential threats.