Book Image

CentOS System Administration Essentials

Book Image

CentOS System Administration Essentials

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
CentOS System Administration Essentials
Nov, 2014 | 174 pages
No titles found
Table of Contents (18 chapters)
CentOS System Administration Essentials
CentOS System Administration Essentials
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Taming vi
Taming vi
CLI trickery – shortcuts that you will love
Vim and vi
Getting the .vimrc setup the way you like
Search and replace
Learning to remove extraneous comments from a file with a few deft key strokes
Summary
2
Cold Starts
Cold Starts
The GRUB and MBR
When is the root filesystem not the root filesystem?
Working on the GRUB console
Protecting the GRUB menu with passwords
Boot splashing with plymouth
Summary
3
CentOS Filesystems – A Deeper Look
CentOS Filesystems – A Deeper Look
A magician's secret
Special permissions
Naming your pipes
Understanding the command stat
Enterprise filesystem shootout
Using BTRFS snapshots
Summary
4
YUM – Software Never Looked So Good
YUM – Software Never Looked So Good
Managing software installation with RPM files
Creating your own RPM file
Creating a YUM Repository
Summary
5
Herding Cats – Taking Control of Processes
Herding Cats – Taking Control of Processes
Managing services with Upstart
Creating your own Upstart script
Managing processes
Summary
6
Users – Do We Really Want Them?
Users – Do We Really Want Them?
Managing public and private groups
Getent
Quotas
Scripting user creation
Summary
7
LDAP – A Better Type of User
LDAP – A Better Type of User
LDAP concepts
Installing 389-ds
LDAP user account management
LDAP authentication
Summary
8
Nginx – Deploying a Performance-centric Web Server
Nginx – Deploying a Performance-centric Web Server
Installing and configuring Nginx
Installing PHP
Installing MySQL
Create dynamic web content
Summary
9
Puppet – Now You Are the Puppet Master
Puppet – Now You Are the Puppet Master
Installing the Puppet master
Puppet resource
Managing packages, services, and files
Summary
10
Security Central
Security Central
Understanding PAM configuration files
Limits of PAM
SELinux
Hardening Linux
Summary
11
Graduation Day
Graduation Day
Securing remote access to your system
Best practices of OpenLDAP
Best practices of Nginx
Mastering Puppet
What's new in CentOS 7
Summary
Index
Index

Best practices of Nginx

If you choose to implement the Nginx web server, there are few things that we should take a look at to endure the longevity of your web service.

From a security perspective, your web server could be accessible to the whole world, everyone. For this reason, we should ensure that some basic security threats are protected:

  • SELinux: Ensure that we have set SELinux to Enforcing on our CentOS system that hosts Nginx.

  • DocumentRoot: Mount the DocumentRoot structure independently as its own filesystem, ensuring that malicious writes will not crash the Linux host if the disk fills, and secondly the partition or disk can be mounted with minimal rights, for example, LABEL=web /var/www ext4 ro,nosuid,noexec,nodev,noatime 0 2.

  • Use a host-based firewall: Allow only incoming TCP ports 80 and 443. Often, only outgoing UDP port 123 along with outgoing dynamic TCP ports need to be open, with port 123 being for time synchronization.

  • Restrict HTTP methods available to Nginx. The RFC 2616...

Previous Section
End of Section 4
Next Section