How to Secure a LAMP Stack

The LAMP stack is a widely used combination of software: the Linux OS, the Apache web server, the MySQL or MariaDB database management system, and the PHP server-side scripting language. Server-side protection is a vast topic that cannot be covered fully in a single article; this article covers only the basics of protecting each LAMP component.

To protect Linux:

  • Use key authentication instead of password authentication wherever possible.
  • Change the port sshd listens on; a port above 1024 is recommended.
  • Consider using a firewall such as iptables, together with fail2ban to block hosts that repeatedly fail to authenticate.
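The three Linux items above can be verified against the running sshd configuration. The script below is an added example, not part of the original article: it reads an sshd_config text, applies sshd's own rules (keywords are case-insensitive, the first occurrence of a keyword wins, commented lines are ignored, and an absent keyword falls back to the sshd default), and reports every recommendation that is not met. The two configurations are constructed samples; on a real host call `audit_sshd "$(cat /etc/ssh/sshd_config)"`.

```shell
#!/bin/sh
# Added example, not part of the original article: audit an sshd_config for the
# three Linux recommendations. The two configs below are constructed samples;
# on a real host call   audit_sshd "$(cat /etc/ssh/sshd_config)"

SAMPLE_SSHD_CONFIG='# constructed sample: distribution defaults left in place
Port 22
#PasswordAuthentication no
PasswordAuthentication yes
PubkeyAuthentication yes
PermitRootLogin yes'

HARDENED_SSHD_CONFIG='# constructed sample: hardened per the recommendations
Port 2222
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password'

# sshd_value CONFIG_TEXT KEYWORD: print the effective value of KEYWORD.
# sshd keywords are case-insensitive and the first occurrence wins; a
# commented-out line has '#' glued to its first field, so it never matches.
# (Keywords inside Match blocks are not treated specially here.)
sshd_value() {
    printf '%s\n' "$1" | awk -v key="$2" \
        'tolower($1) == tolower(key) { print $2; exit }'
}

# audit_sshd CONFIG_TEXT: print one FAIL line per finding; the return code is
# the number of findings (0 means all three checks pass).
audit_sshd() {
    cfg=$1
    findings=0

    port=$(sshd_value "$cfg" Port)
    [ -z "$port" ] && port=22                  # sshd default when absent
    if [ "$port" -le 1024 ]; then
        echo "FAIL: sshd listens on privileged port $port; move it above 1024"
        findings=$((findings + 1))
    fi

    pw=$(sshd_value "$cfg" PasswordAuthentication)
    [ -z "$pw" ] && pw=yes                     # sshd default when absent
    if [ "$pw" != "no" ]; then
        echo "FAIL: PasswordAuthentication is '$pw'; set it to no once keys are deployed"
        findings=$((findings + 1))
    fi

    pk=$(sshd_value "$cfg" PubkeyAuthentication)
    [ -z "$pk" ] && pk=yes                     # sshd default when absent
    if [ "$pk" != "yes" ]; then
        echo "FAIL: PubkeyAuthentication is '$pk'; key authentication must stay enabled"
        findings=$((findings + 1))
    fi

    return "$findings"
}

echo "== default sample =="
audit_sshd "$SAMPLE_SSHD_CONFIG" || echo "$? finding(s)"
echo "== hardened sample =="
audit_sshd "$HARDENED_SSHD_CONFIG" && echo "no findings"
```

Deploy and test the key before setting PasswordAuthentication to no, and keep the existing session open while restarting sshd on the new port so a typo in the configuration cannot lock you out.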

Tips to protect Apache web server:

  • Disable directory listing so that the contents of a directory are not displayed in the browser when it has no directory index file.
  • Hide the Apache version, as well as any information about modules and the OS, in error messages.
  • Disable unnecessary modules by commenting out the lines where they are loaded.
  • Limit the size of HTTP requests and set a connection timeout.
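The Apache directives behind these four tips are Options -Indexes (directory listing), ServerTokens Prod and ServerSignature Off (version and OS details in the Server header and error pages), commented-out LoadModule lines (modules), and LimitRequestBody and Timeout (request size and connection timeout). The script below is an added example, not part of the original article: it holds a weak and a hardened configuration side by side (both constructed samples) and a check that reports which recommendations a given configuration misses. On a real host feed it the contents of the main configuration file, typically /etc/httpd/conf/httpd.conf or /etc/apache2/apache2.conf.

```shell
#!/bin/sh
# Added example, not part of the original article: the weak and the hardened
# form of the Apache settings, plus a check that tells them apart. Both
# configs are constructed samples; on a real host pass the main httpd.conf.

WEAK_APACHE_CONF='# constructed sample: typical defaults
ServerTokens OS
ServerSignature On
Timeout 300
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule status_module modules/mod_status.so
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>'

HARDENED_APACHE_CONF='# constructed sample: hardened per the recommendations
ServerTokens Prod
ServerSignature Off
Timeout 30
LimitRequestBody 1048576
#LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule status_module modules/mod_status.so
<Directory "/var/www/html">
    Options -Indexes +FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>'

# apache_directive CONF_TEXT NAME: first value of a (case-insensitive) directive.
apache_directive() {
    printf '%s\n' "$1" | awk -v name="$2" \
        'tolower($1) == tolower(name) { print $2; exit }'
}

# apache_indexes_enabled CONF_TEXT: succeeds if any Options line turns directory
# listing on ("Indexes", "+Indexes", or "All", which includes Indexes).
apache_indexes_enabled() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "options" {
            for (i = 2; i <= NF; i++) {
                o = tolower($i)
                if (o == "indexes" || o == "+indexes" || o == "all" || o == "+all") listing = 1
            }
        }
        END { exit !listing }'
}

# apache_loaded_modules CONF_TEXT: names of modules still loaded, one per line.
# A commented line starts with "#LoadModule" and therefore does not match.
apache_loaded_modules() {
    printf '%s\n' "$1" | awk '$1 == "LoadModule" { print $2 }'
}

# audit_apache CONF_TEXT: one FAIL line per finding; return code = count.
audit_apache() {
    cfg=$1
    findings=0

    if apache_indexes_enabled "$cfg"; then
        echo "FAIL: directory listing is enabled; use 'Options -Indexes'"
        findings=$((findings + 1))
    fi

    tokens=$(apache_directive "$cfg" ServerTokens | tr 'A-Z' 'a-z')
    if [ "$tokens" != "prod" ]; then          # Apache default is Full
        echo "FAIL: ServerTokens is '${tokens:-unset (Full)}'; set 'ServerTokens Prod'"
        findings=$((findings + 1))
    fi

    sig=$(apache_directive "$cfg" ServerSignature | tr 'A-Z' 'a-z')
    [ -z "$sig" ] && sig=off                  # Apache default is Off
    if [ "$sig" != "off" ]; then
        echo "FAIL: ServerSignature is '$sig'; set 'ServerSignature Off'"
        findings=$((findings + 1))
    fi

    body=$(apache_directive "$cfg" LimitRequestBody)
    if [ -z "$body" ] || [ "$body" -eq 0 ]; then   # 0 (the default) means unlimited
        echo "FAIL: request body size is unlimited; set LimitRequestBody"
        findings=$((findings + 1))
    fi

    if [ -z "$(apache_directive "$cfg" Timeout)" ]; then
        echo "FAIL: no explicit Timeout; set one suited to the application"
        findings=$((findings + 1))
    fi

    echo "INFO: modules still loaded: $(apache_loaded_modules "$cfg" | tr '\n' ' ')"
    return "$findings"
}

echo "== weak sample =="
audit_apache "$WEAK_APACHE_CONF" || echo "$? finding(s)"
echo "== hardened sample =="
audit_apache "$HARDENED_APACHE_CONF" && echo "no findings"
```

The LimitRequestBody value and the Timeout are application-specific: the sample uses 1 MiB and 30 seconds, but a site that accepts file uploads needs a larger body limit, and the right timeout depends on the slowest legitimate request.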

To protect MySQL database management system:

  • Set a root password for MySQL.
  • Allow root to log in only from localhost.
  • Delete the default database called ‘test’.
  • Never store sensitive information (e.g. credentials) in plain text.
  • Ensure that application-specific databases are accessible only to the users created for that application.
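The first three MySQL items can be checked from two queries: the account list in mysql.user (a root account whose host is anything other than localhost, and any account with an empty authentication_string, violate the first two tips) and the output of SHOW DATABASES (the test database violates the third). The script below is an added example, not part of the original article: it audits both lists and prints the SQL statement that remedies each finding. The inputs are constructed samples in the tab-separated form the mysql client prints with -N -B; on a real server obtain them with `mysql -N -B -e "SELECT user, host, plugin, authentication_string FROM mysql.user"` and `mysql -N -B -e "SHOW DATABASES"`. Whether application users are limited to their own database is visible only in SHOW GRANTS and is not checked here.

```shell
#!/bin/sh
# Added example, not part of the original article: audit MySQL account and
# database lists and print the SQL that fixes each finding. Inputs are
# constructed samples in the -N -B (tab-separated, no header) client format.

SAMPLE_MYSQL_USERS=$(printf '%s\t%s\t%s\t%s\n' \
    root   localhost caching_sha2_password '$A$005$constructed_hash_1' \
    root   '%'       caching_sha2_password '' \
    app    localhost caching_sha2_password '$A$005$constructed_hash_2' \
    report '%'       caching_sha2_password '$A$005$constructed_hash_3')

SAMPLE_MYSQL_DATABASES='information_schema
mysql
performance_schema
sys
test
appdb'

# audit_mysql_users USERS_TSV: flag root accounts reachable from non-local hosts
# and accounts with no password. Return code = number of findings.
audit_mysql_users() {
    printf '%s\n' "$1" | awk -F'\t' -v q="'" '
        {
            user = $1; host = $2; plugin = $3; auth = $4
            islocal = (host == "localhost" || host == "127.0.0.1" || host == "::1")
            if (user == "root" && !islocal) {
                printf "FAIL: root may connect from host %s\n", host
                printf "  fix: DROP USER %sroot%s@%s%s%s;\n", q, q, q, host, q
                n++
            }
            # auth_socket/unix_socket accounts carry no hash by design, so an
            # empty authentication_string is only a finding for other plugins.
            if (auth == "" && plugin !~ /socket/) {
                printf "FAIL: account %s@%s has no password\n", user, host
                printf "  fix: ALTER USER %s%s%s@%s%s%s IDENTIFIED BY %s<new-password>%s;\n", \
                       q, user, q, q, host, q, q, q
                n++
            }
        }
        END { exit n + 0 }'
}

# audit_mysql_databases DB_LIST: flag the default test database.
audit_mysql_databases() {
    printf '%s\n' "$1" | awk '
        $1 == "test" {
            print "FAIL: default database \"test\" still exists"
            print "  fix: DROP DATABASE test;"
            n++
        }
        END { exit n + 0 }'
}

# audit_mysql USERS_TSV DB_LIST: run both checks; return code = total findings.
audit_mysql() {
    total=0
    audit_mysql_users "$1" || total=$((total + $?))
    audit_mysql_databases "$2" || total=$((total + $?))
    return "$total"
}

audit_mysql "$SAMPLE_MYSQL_USERS" "$SAMPLE_MYSQL_DATABASES" || echo "$? finding(s)"
```

In the sample, the root@'%' account produces two findings (remote root and no password), and the same fix applies to both: drop it and keep only root@localhost with a password set.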

Some important tips to protect PHP:

  • Disable unnecessary modules by deleting or renaming the corresponding file in the /etc/php.d directory.
  • Hide the PHP version information.
  • Disable remote code execution, command execution, and the most commonly misused functions.
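On the PHP side these tips map to php.ini settings (expose_php = Off hides the version from the X-Powered-By header; allow_url_include = Off, and allow_url_fopen = Off where the application does not need it, stop remote code from being included; disable_functions lists the command-execution functions) and to the files in /etc/php.d, each of which loads one extension. The script below is an added example, not part of the original article: it audits a php.ini text for those settings and demonstrates the rename-based way of disabling an extension in a throw-away copy of php.d. Both php.ini texts are constructed samples; on a real host pass the contents of the loaded php.ini, whose path `php --ini` reports.

```shell
#!/bin/sh
# Added example, not part of the original article: audit a php.ini text for
# the PHP recommendations and show disabling an extension by renaming its
# php.d file. php.ini texts are constructed samples; php.d is a temp dir.

WEAK_PHP_INI='; constructed sample: typical defaults
expose_php = On
allow_url_fopen = On
allow_url_include = Off
disable_functions ='

HARDENED_PHP_INI='; constructed sample: hardened per the recommendations
expose_php = Off
allow_url_fopen = Off
allow_url_include = Off
disable_functions = exec,passthru,shell_exec,system,popen,proc_open'

# Functions that hand a string to the OS shell or start processes; most web
# applications never need them, so they are the usual disable_functions set.
REQUIRED_DISABLED="exec passthru shell_exec system popen proc_open"

# php_ini_value INI_TEXT KEY: value of KEY with blanks and quotes stripped;
# lines starting with ';' are comments.
php_ini_value() {
    printf '%s\n' "$1" | awk -F'=' -v key="$2" '
        /^[ \t]*;/ { next }
        {
            k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v); gsub(/"/, "", v)
                print v; exit
            }
        }'
}

# php_missing_disabled INI_TEXT: names from REQUIRED_DISABLED that are absent
# from disable_functions, space-separated (empty when all are disabled).
php_missing_disabled() {
    list=$(php_ini_value "$1" disable_functions | tr -d ' ')
    missing=""
    for f in $REQUIRED_DISABLED; do
        case ",$list," in
            *",$f,"*) ;;
            *) missing="$missing $f" ;;
        esac
    done
    printf '%s' "${missing# }"
}

# audit_php_ini INI_TEXT: one FAIL line per finding; return code = count.
audit_php_ini() {
    ini=$1
    findings=0
    for key in expose_php allow_url_fopen allow_url_include; do
        v=$(php_ini_value "$ini" "$key" | tr 'A-Z' 'a-z')
        if [ -z "$v" ]; then
            # built-in defaults: expose_php and allow_url_fopen are On
            [ "$key" = allow_url_include ] && v=off || v=on
        fi
        case "$v" in
            off|0|false|no) ;;
            *)  echo "FAIL: $key = $v; set it to Off"
                findings=$((findings + 1)) ;;
        esac
    done
    missing=$(php_missing_disabled "$ini")
    if [ -n "$missing" ]; then
        echo "FAIL: disable_functions lacks: $missing"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# php_extensions_loaded DIR: the .ini files PHP would scan in DIR, one per line.
php_extensions_loaded() {
    for f in "$1"/*.ini; do
        [ -e "$f" ] && printf '%s\n' "${f##*/}"
    done
}

# php_disable_extension DIR FILE: rename FILE so it no longer ends in .ini;
# undoing the rename re-enables the extension, which deleting would not allow.
php_disable_extension() {
    mv "$1/$2" "$1/$2.disabled"
}

# demo_extension_dir: build a throw-away php.d with three constructed extension
# files, disable ldap, and print what remains loaded.
demo_extension_dir() {
    dir=$(mktemp -d)
    for m in 20-curl 20-ldap 20-mysqli; do : > "$dir/$m.ini"; done
    php_disable_extension "$dir" 20-ldap.ini
    php_extensions_loaded "$dir" | tr '\n' ' '
    rm -rf "$dir"
}

audit_php_ini "$WEAK_PHP_INI" || echo "$? finding(s) in weak php.ini"
echo "extensions still loaded after disabling ldap: $(demo_extension_dir)"
```

Check which extensions the application actually uses before disabling any, and restart the PHP process (php-fpm or Apache) after changing php.ini or php.d, since neither is re-read on the fly.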

It is highly recommended that all packages are updated to the latest versions promptly. These are just some of the measures that can be used to increase the security of a LAMP server; for more, read the official documentation of each package.