apache2-hardening
A basic hardening role for Apache 2: it hardens security.conf and apache2.conf. See the TODO section if you want to go further than the role does.
Variables
See defaults/main.yml for the role's variables and their default values.
Example Playbook
- hosts: servers
  roles:
    - role: Lier0.apache2-hardening
Harden serving
Consider hardening your own <Directory> and <Location> blocks as in the example below (Apache 2.4 syntax):
<Directory />
    # Options without a +/- prefix is an absolute list: only FollowSymLinks is on,
    # so Indexes, Includes and ExecCGI are off. Use "Options None" if symlinks are not needed.
    Options FollowSymLinks
    # Ignore .htaccess files everywhere below the root
    AllowOverride None
    # Only access-control directives are valid inside <Limit>/<LimitExcept>;
    # Options or AllowOverride in here is a configuration error and Apache will not start.
    # Everything except GET and POST (HEAD is treated as GET) is refused.
    <LimitExcept GET POST>
        Require all denied
    </LimitExcept>
</Directory>
# Run "a2enmod headers" first. Inside <IfModule mod_headers.c> the Header directives are silently skipped when the module is not loaded, so a missing module means no security headers rather than a startup error.
# The Server header is generated by the core when the response headers are written,
# after mod_headers has run, so "Header unset Server" has no effect. ServerTokens Prod
# shrinks it to "Apache"; ServerSignature Off drops it from error pages and listings.
ServerTokens Prod
ServerSignature Off
<IfModule mod_headers.c>
    # Header name and value are separate arguments: no colon after the name.
    # X-XSS-Protection is a legacy header that current browsers ignore; current
    # guidance is to omit it or send 0, it is kept here for older clients only.
    Header always set X-XSS-Protection "1; mode=block"
    # X-Content-Security-Policy with the "allow" keyword is the obsolete prefixed
    # experiment; the standard header is Content-Security-Policy. default-src 'self'
    # also blocks inline scripts and styles, so tune the policy to the application.
    Header always set Content-Security-Policy "default-src 'self'"
    # Exactly one X-Frame-Options value. Setting DENY and then appending SAMEORIGIN
    # sends "DENY, SAMEORIGIN", which browsers treat as invalid and ignore entirely.
    # Use DENY if the site never frames its own pages.
    Header always set X-Frame-Options SAMEORIGIN
    # Append the flags to every Set-Cookie. Secure cookies are only sent over HTTPS.
    # The edit is unconditional, so a cookie that already carries the flags gets them
    # twice; cookies that a module writes to the "always" table need an additional
    # "Header always edit" line with the same pattern.
    Header edit Set-Cookie ^(.*)$ "$1; HttpOnly; Secure"
</IfModule>
TODO
Consider enabling these modules and deploying configuration for them (enabling them without configuration does nothing useful):
- mod_security (mod_security2 on Debian/Ubuntu: a2enmod security2), a web application firewall
- mod_evasive, per-client request-rate limiting
- mod_headers, which the header snippet above already requires
Consider also adding to apache2.conf:
- Header unset ETag
- FileETag None
FileETag None stops Apache from generating ETags for static files; Header unset ETag catches ETags set elsewhere. Apache 2.2's default FileETag INode MTime Size leaked inode numbers; 2.4 defaults to MTime Size, so on 2.4 this is mainly about not exposing file metadata and avoiding cache-validation leaks across load-balanced nodes.
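The following playbook is an added example, not part of the Lier0.apache2-hardening role: it enables the modules listed in this TODO, deploys the <Directory> and header snippet from the "Harden serving" section as a conf-available file, refuses to reload on a broken configuration, and then verifies the live response headers. It assumes a Debian/Ubuntu apache2 layout (a2enmod, a2enconf, /etc/apache2/conf-available), that the mod_evasive and mod_security2 packages are installed, that a site answers on 127.0.0.1:80, and uses the hypothetical file name hardening.conf. It does not write mod_security or mod_evasive rule sets; those still have to be deployed separately.

```yaml
# Added example (not part of the Lier0.apache2-hardening role).
# Assumes Debian/Ubuntu apache2 layout and that the module packages are installed.
- hosts: servers
  become: true
  vars:
    # Module names as used by a2enmod; drop any whose package is not installed,
    # a2enmod fails on an unknown module name.
    apache_hardening_modules:
      - headers
      - evasive
      - security2
  tasks:
    - name: Enable hardening-related modules
      ansible.builtin.command: a2enmod {{ item }}
      args:
        creates: /etc/apache2/mods-enabled/{{ item }}.load
      loop: "{{ apache_hardening_modules }}"
      notify: Reload apache2

    # Hypothetical file name hardening.conf; content is the snippet from "Harden serving"
    - name: Deploy the hardening snippet
      ansible.builtin.copy:
        dest: /etc/apache2/conf-available/hardening.conf
        owner: root
        group: root
        mode: "0644"
        content: |
          ServerTokens Prod
          ServerSignature Off
          FileETag None
          <Directory />
              Options FollowSymLinks
              AllowOverride None
              <LimitExcept GET POST>
                  Require all denied
              </LimitExcept>
          </Directory>
          <IfModule mod_headers.c>
              Header unset ETag
              Header always set X-Frame-Options SAMEORIGIN
              Header always set Content-Security-Policy "default-src 'self'"
              Header edit Set-Cookie ^(.*)$ "$1; HttpOnly; Secure"
          </IfModule>
      notify: Reload apache2

    - name: Enable the snippet
      ansible.builtin.command: a2enconf hardening
      args:
        creates: /etc/apache2/conf-enabled/hardening.conf
      notify: Reload apache2

    # A bad directive must fail the play here, not take the service down on reload
    - name: Validate the full configuration
      ansible.builtin.command: apache2ctl configtest
      changed_when: false

    - name: Apply the pending reload before checking headers
      ansible.builtin.meta: flush_handlers

    # The uri module exposes response headers as lowercase keys with dashes
    # replaced by underscores (resp.x_frame_options, resp.server, ...)
    - name: Fetch response headers from the local site
      ansible.builtin.uri:
        url: http://127.0.0.1/
        method: HEAD
        status_code: [200, 301, 302, 403, 404]
      register: resp

    - name: Assert the hardening headers are present and sane
      ansible.builtin.assert:
        that:
          - resp.x_frame_options == 'SAMEORIGIN'
          - "'default-src' in resp.content_security_policy"
          - resp.server == 'Apache'
          - resp.etag is not defined
        fail_msg: "Hardening headers missing or wrong: {{ resp }}"

  handlers:
    - name: Reload apache2
      ansible.builtin.service:
        name: apache2
        state: reloaded
```

The configtest step runs against the whole server configuration, because validating the snippet on its own (for example with the copy module's validate option) fails: the Header directives are only known once mod_headers is loaded by the main config. The HEAD request deliberately goes over plain HTTP, so the Secure cookie flag is not checked here; check it against the HTTPS virtual host.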
Licence
GPLv3
Author Information
Initially created by Lier0. Inspired by Sebastian Gumprich.