Disclaimer

These files are not intended for production servers. They were created for understanding basic server security. So don't use them on a production server, and don't test them on your main system, as you may lock yourself out of your own system.


Summary

These are web server config files for securing web servers and understanding the basics of web server security. They only provide a basic level of protection, such as a firewall, cron jobs and secure SSH.


Note

By default it will create backups of your default configuration files, but it will still ask for permission before overwriting them. So if you want to create a backup manually, you will get a chance to do that.


Installation

The scripts are only for Debian and Debian-based distributions.

Download a release directly from here

or

git clone https://github.com/CyberVarun/webserver-config
cd webserver-config
bash setup.sh

OWASP coreruleset

The default ModSecurity rule set will be replaced with the OWASP coreruleset, for apache2 only. You can learn more about the OWASP coreruleset here


Apache2

By default the script will install apache2 with ModSecurity, and the default ModSecurity rule set will be replaced by the OWASP coreruleset for more security.

Nginx

Nginx will use a modified version of its default configuration.


Fail2ban

It's highly recommended to have a firewall, so this will install fail2ban. By default fail2ban is configured to block SSH connections: if anyone attempts to brute-force the SSH login, or fails to authenticate more than 3 times, their IP is banned for 1 day.
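One way to check that a jail file really enforces the policy described above (sshd jail enabled, ban at no more than 3 failures, ban of at least 1 day). This is an added example, not a script from this repository; the function names and the sample config are constructed, and it assumes a single INI-style jail file with simple time values.

```shell
# Added example; reads ONE file (assumption), while fail2ban merges jail.conf, jail.d/ and jail.local.
# Convert a time value (plain seconds or one s/m/h/d/w suffix) to seconds.
to_seconds() {
    local n="${1%[smhdw]}"; local unit="${1#"$n"}"
    case $n in ''|*[!0-9]*) return 1 ;; esac
    case $unit in
        m) n=$((n * 60)) ;; h) n=$((n * 3600)) ;;
        d) n=$((n * 86400)) ;; w) n=$((n * 604800)) ;;
    esac
    echo "$n"
}

# Print KEY's value from [SECTION] of an INI-style FILE (last assignment wins).
jail_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
        cur == "[" sec "]" && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# A value in [sshd] overrides [DEFAULT]; unset keys fall back to [DEFAULT].
jail_setting() {
    local v; v=$(jail_get "$1" sshd "$2")
    [ -n "$v" ] || v=$(jail_get "$1" DEFAULT "$2")
    echo "$v"
}

# Return 0 only if sshd is enabled, maxretry <= 3 and bantime >= 1 day.
audit_sshd_jail() {
    local maxretry bantime secs
    [ "$(jail_setting "$1" enabled)" = "true" ] || { echo "FAIL: sshd jail not enabled"; return 1; }
    maxretry=$(jail_setting "$1" maxretry); bantime=$(jail_setting "$1" bantime)
    case $maxretry in ''|*[!0-9]*) echo "FAIL: maxretry not set"; return 1 ;; esac
    [ "$maxretry" -le 3 ] || { echo "FAIL: maxretry=$maxretry is above 3"; return 1; }
    secs=$(to_seconds "$bantime") || { echo "FAIL: bantime '$bantime' not understood"; return 1; }
    [ "$secs" -ge 86400 ] || { echo "FAIL: bantime=${secs}s is under 1 day"; return 1; }
    echo "OK: ban after $maxretry failures for ${secs}s"
}

# Constructed sample input, not the repository's own jail file.
demo=$(mktemp); printf '%s\n' '[DEFAULT]' 'bantime = 10m' '[sshd]' 'enabled = true' 'maxretry = 3' 'bantime = 1d' > "$demo"
audit_sshd_jail "$demo"; rm -f "$demo"
```

The fallback to `[DEFAULT]` matters in practice: an sshd jail that is enabled but sets no `bantime` of its own inherits the global value, which is often much shorter than a day.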


Virtual host

By default the virtual host files will not be installed. If you want to install them, copy the following file into:

Apache2 site.com.conf > /etc/apache2/sites-available/
And enable it with the command:
sudo a2ensite filename

Make sure that you have disabled the default file (000-default.conf). If you haven't, disable it with the command:
sudo a2dissite filename

Nginx site.com > /etc/nginx/sites-available/
And enable it with the commands:

cd /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/filename

Make sure that you have disabled the default file (default). If you haven't, disable it with the commands:

cd /etc/nginx/sites-enabled/
sudo rm default