Harden Debian by Hardening Web Servers

Identified Threats

These are the identified threats related to Debian software.

(T-87) Web Server Is Exposing User Files and Unintended System Files

Some web servers, such as Apache and Nginx, expose user-level and system-level files through the web interface.

(T-88) Web Server Is Not Listening to Specific Audience

The web server is not listening for a specific audience, so it serves everyone.

(T-89) Web Server Log Permissions Are Not Set Up for a Specific Audience

The web server's log file permissions are not restricted to specific audiences.

(T-90) Web Server Is Not Interacting with SSL/TLS

The web server does not serve over SSL/TLS by default.

(T-91) Web Server Is Vulnerable to Its Security Vulnerabilities

The web server has its own security audits to comply with.

Actions Required

Here is the list of actions to counter these issues.

Strictly Implement SSL/TLS

SSL/TLS is a compulsory requirement. One must implement it no matter the cost.

Disable Global File Hosting Configurations

Disable the global file hosting settings at all costs. Then, slowly and surely, enable only the specific paths desired for hosting.

Configure Server to Listen on Certain Network Interfaces

If available, set the web server to listen on a specific network interface instead of all of them.

Apply Correct File Permissions to Log Files

For all of the web server's log files, restrict read/write permissions to specific audiences.

Build The Web Server's Security Checklist

Always build the web server's security checklist for security protection.
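
The actions above can be checked mechanically. The following Python script is an added example, not part of the original page: it audits an nginx configuration and a log file against T-87 to T-90. The sample configuration, the function names and the simplified parser (it assumes no quoted strings containing `;`, `{` or `}`) are assumptions made for illustration.

```python
import os
import re
import stat

ALL_IFACES = re.compile(r"\d+|(\*|0\.0\.0\.0|\[::\]):\d+")  # bare port or wildcard
# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """
server {
    listen 80;                               # every interface, no TLS
    root /;                                  # whole filesystem
    autoindex on;                            # global directory listing
}
server {
    listen 192.0.2.10:443 ssl;               # one interface, TLS
    location /downloads/ { autoindex on; }   # one chosen path only
}
"""

def check_directive(words, stack):
    """Map one directive to findings keyed by the page's threat IDs."""
    name, args, out = words[0], words[1:], []
    if name == "listen" and args and ALL_IFACES.fullmatch(args[0]):
        out.append(("T-88", "listen %s binds every interface" % args[0]))
    if name == "listen" and "ssl" not in args[1:]:
        out.append(("T-90", "listen %s has no ssl parameter" % " ".join(args)))
    if name == "autoindex" and args == ["on"] and "location" not in stack:
        out.append(("T-87", "autoindex on outside a location block"))
    if name == "root" and args == ["/"]:
        out.append(("T-87", "root / serves the whole filesystem"))
    return out

def audit_nginx(conf_text):
    """Walk directives, tracking enclosing blocks (global vs. per-path)."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # drop comments
    findings, stack = [], []
    for stmt, sep in re.findall(r"([^;{}]*)([;{}])", text):
        words = stmt.split()
        if sep == "{":
            stack.append(words[0] if words else "")
        elif sep == "}" and stack:
            stack.pop()
        elif sep == ";" and words:
            findings += check_directive(words, stack)
    return findings

def audit_log_mode(path):
    """Flag a log file that users outside owner and group can read or write."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    bad = mode & (stat.S_IROTH | stat.S_IWOTH)
    return [("T-89", "%s has mode %o" % (path, mode))] if bad else []
```

A port 80 listener that exists only to redirect to HTTPS is still reported under T-90 and needs a manual decision.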

That's all for hardening Debian by hardening web servers.