apache2-hardening

This role applies basic hardening to Apache2 by adjusting security.conf and apache2.conf. See the TODO section for ways to extend the hardening.

Variables

Check defaults/main.yml

Example Playbook

    - hosts: servers
      roles:
        - role: Lier0.apache2-hardening

Harden serving

Consider hardening your own directories and locations as in the example below:

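    <Directory />
        # NOTE: <LimitExcept> scopes access-control directives (such as
        # Require) to every method except GET and POST. Options and
        # AllowOverride are not access controls, so this block does not
        # by itself deny other methods.
        <LimitExcept GET POST>
            Options FollowSymLinks
            AllowOverride None
        </LimitExcept>
    </Directory>

    # Requires mod_headers: a2enmod headers
    <IfModule mod_headers.c>
        Header set X-XSS-Protection "1; mode=block"
        Header unset Server
        # X-Content-Security-Policy with "allow" is a legacy, pre-standard header
        Header set X-Content-Security-Policy "allow 'self';"
        # X-Frame-Options is configured twice (DENY here, SAMEORIGIN below); keep one
        Header set X-Frame-Options DENY
        # Appends HttpOnly and Secure to every cookie the application sets
        Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
        Header always append X-Frame-Options SAMEORIGIN
    </IfModule>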

TODO

You should consider enabling these modules:

  • mod_security
  • mod_evasive
  • mod_headers

And deploy configuration for them.

Maybe also add in apache2.conf:

  • Header unset ETag
  • FileETag None
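
To confirm that the headers from the "Harden serving" block and the ETag items above actually reach clients, the following added example (not part of this role) audits a set of response headers. The function names and the sample headers are assumptions constructed for illustration.

```python
from http.client import HTTPSConnection

def audit_headers(headers):
    """Check (name, value) response header pairs; return a list of findings."""
    seen = {}
    for name, value in headers:
        seen.setdefault(name.lower(), []).append(value.strip())
    findings = []
    # "Header set ... DENY" plus "Header always append ... SAMEORIGIN" can
    # yield two values, as separate headers or as one comma-joined header.
    xfo = {p.strip().upper() for v in seen.get("x-frame-options", [])
           for p in v.split(",")}
    if not xfo:
        findings.append("X-Frame-Options missing")
    elif len(xfo) > 1:
        findings.append("X-Frame-Options conflicting: " + ", ".join(sorted(xfo)))
    if "x-xss-protection" not in seen:
        findings.append("X-XSS-Protection missing")
    if "etag" in seen:
        findings.append("ETag still sent")
    if any(ch.isdigit() for v in seen.get("server", []) for ch in v):
        findings.append("Server header exposes a version")
    for cookie in seen.get("set-cookie", []):
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        missing = [f for f in ("httponly", "secure") if f not in attrs]
        if missing:
            name = cookie.split("=", 1)[0]
            findings.append(f"cookie {name} lacks " + "/".join(missing))
    return findings

def fetch_headers(host, path="/"):
    """Fetch live headers over HTTPS (hypothetical helper, needs network)."""
    conn = HTTPSConnection(host, timeout=5)
    try:
        conn.request("HEAD", path)
        return conn.getresponse().getheaders()
    finally:
        conn.close()

SAMPLE = [  # constructed response headers, not captured from a real server
    ("Server", "Apache/2.4.57 (Debian)"),
    ("X-Frame-Options", "DENY"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("X-XSS-Protection", "1; mode=block"),
    ("ETag", '"2aa6-5f1c"'),
    ("Set-Cookie", "sid=abc123; Path=/; HttpOnly"),
]

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE):
        print(finding)
```

Against a deployed host, pass the result of `fetch_headers("your.host.example")` to `audit_headers` instead of `SAMPLE`.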

Licence

GPLv3

Author Information

Initially created by Lier0. Inspired by Sebastian Gumprich.

About

Debian - Apache2 security enhancement

Install
ansible-galaxy install Lier0/ansible-role-apache2-hardening