The LAMP stack; for Linux, Apache, MySQL and PHP, allows a user to run dynamic websites and web applications.
For this exercise, the installation and basic configuration of the LAMP stack will be done on the existing web server.
This blog uses Octopress so the LAMP stack is purely as proof of concept.
From shell, install and start the Apache web server as shown:
yum install httpd service httpd start
Accessing the web server's ip address from a web browser should now return a web page.
From shell, install and start MySQL using the following:
yum install mysql-server service mysqld start
The next step is to install PHP using:
yum install php php-mysql
After successful installation, basic configuration can be done to harden the web server. Steps to take include:
- Apache should not run as root
Create a non-privileged account to run Apache. From shell:
groupadd apache useradd apache -g apache -d /dev/null -s /sbin/nologin
Using a text editor, modify the Apache configuration httpd.conf
User apache Group apache
- Restrict access permissions
This step intends to restrict access to the Apache directory by modifying permissions. From the shell:
chown -R root:root /etc/httpd chmod -R 640 /etc/httpd
Additionally, restrict access permissions for Apache configuration and logs.
chmod -R 640 /etc/httpd/conf chmod -R 640 /var/log/httpd
- Minimise information leakage
It is important to minimise information leakage. To meet this objective modify the Apache configuration httpd.conf
ServerSignature Off ServerTokens ProductOnly ServerName www.mywebsite.com:80
- Basic MySQL configuration
By default, MySQL has a root account with a blank password. This and other basic configuration changes can be made from terminal by running the following: