Re: How to Migrate Wordpress Website from 32-bit CentOS Linux 6.3 to 64-bit CentOS Linux 8.2 (2004)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



2020-08-31 (月) の 13:31 +0000 に Turritopsis Dohrnii Teo En Ming
さんは書きました:
> 
> SECTION 4 Disable SELinux (Security Enhanced Linux)
> ===================================================
> 
> You MUST disable SELinux, otherwise Apache web server will not work.
> 
> If you DO NOT want to disable SELinux, you must be an expert in
> SELinux to configure SELinux.
> 
Don't do this. You don't need to be an expert to configure SELinux, if
you install setroubleshootd then 9 times out of 10 it will tell you how
to fix something SELinux is blocking, and when that doesn't work,
there's always DuckDuckGo if you're not sure.

SELinux may be daunting to a newcomer, but just like Apparmor on
Debian, it's well worth reading about and learning the security
advantages it provides.

I always advise both security methods are left enabled where a
distribution supports them. (not at the same time.....)


> SECTION 5 Disable firewalld Software Firewall
> =============================================
> 
> Because already protected by Fortigate firewall at the perimeter.
> 
> # systemctl disable firewalld
> 
> # reboot
> 
> 
This is another big security no-no. Never disable the firewall, even if
that system is behind another system. Configure the firewall correctly
in all cases and have it enabled.

After all, if someone breaks through your "Fortigate Firewall", your
system will be wide open to anyone who gets inside.

Honestly, I believe after reading this tutorial, your system would be
wide open for easy attack and hijacking. Your tutorial is a little
scary to read.. Just sayin... :-O.

But keep studying and practising, and look deeper into the various ways
to secure a system correctly, such as not installing/running things you
don't need and not unnecessarily disabling things.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux