0

I don't know if this is the right place for my question.

I'm creating a web server with Apache and PHP, but I want to make it as secure as possible.

A set of software to keep the server secure, is it recommended to use OSSEC, mod_evasive, and mod_security with the OWASP rule set?

Or is it not necessary to use OSSEC?

Tommy
  • 3
  • 2

1 Answers1

1

I will give you some recommendation.

*Enhanse your server security You could use CIS Benchmark for you Operative System

  • Enhanse you Web Server Security

  • Be carefull with your firewall configuration

  • Install some security components like an AntiDDos, IDS, IPS, in your Firewall( If you

  • Update you OS and all component involved.

  • Run an vulnerability scanning, port scanning in order to check unneccesary port open, or vulnerability associated with your WS or OS.

if you don't have a firewall and don't have money to buy one, I will recommend you a good opensource firewall like pfsense).

Marcos Vera
  • 56
  • 2
  • Hi @MarcosVera. Thank you very much for the recommendations. The CIS Benchmark contains excellent content that I will follow. Do you have any suggestions for AntiDDoS, IDS and IPS software? – Tommy Jan 27 '20 at 20:29
  • IDS/IPS you could use snort is very good. For AntiDDOS you could try with Fail2Ban. – Marcos Vera Jan 27 '20 at 20:39