@rajitha-bandara
Last active October 5, 2017 06:48
Set up Cent OS 7 Web Server
Manage Security
1. Allow HTTP Service through firewall
Open Predefined Service
https://www.rootusers.com/how-to-open-a-port-in-centos-7-with-firewalld/
2. Change SSH Port
https://www.globo.tech/learning-center/change-ssh-port-centos-7/
3. Disable Root Login
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-7
4. Extra Services & security
https://www.digitalocean.com/community/tutorials/additional-recommended-steps-for-new-centos-7-servers
5. Multiple sites with virtual hosts
https://www.godaddy.com/help/configure-apache-virtual-hosts-centos-7-17338
(SELinux might cause problems when Apache is restarted after all of this is done on CentOS 7)
Execute with sudo
semanage fcontext -a -t httpd_sys_rw_content_t 'abc.com'
restorecon -v 'abc.com'
setsebool -P httpd_unified 1
ausearch -c 'httpd' --raw | audit2allow -M my-httpd
semodule -i my-httpd.pp
6. Setup postgresql
Install from Enterprise DB
In pg_hba.conf (/opt/PostgreSQL/9.6/data/pg_hba.conf)
Change ident to md5, if not already set, to allow login with a password
Add a host record for 127.0.0.1
At the end it should look like below
# TYPE  DATABASE        USER            ADDRESS                 METHOD
# "local" is for Unix domain socket connections only
local   all             all                                     md5
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
host    all             all             127.0.0.1/32            md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     postgres                                md5
#host    replication     postgres        127.0.0.1/32            md5
#host    replication     postgres        ::1/128                 md5
To fix the SELinux "permission denied" problem, set this flag
sudo setsebool -P httpd_can_network_connect_db on
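A lint for the pg_hba.conf layout in step 6, added here as an example and not part of the original gist: it reads the file on stdin and flags auth methods other than md5 (trust, ident, password) and host records that reach beyond loopback. The function names, messages and sample records are assumptions made for illustration; the "address netmask" two-field form is handled, and record types other than local/host/hostssl/hostnossl are skipped.

```sh
#!/bin/sh
# Added example (not from the gist): lint pg_hba.conf records read on stdin.
# Prints "<line>: <finding>" per problem; returns 1 if anything was flagged.
check_pg_hba() {
    n=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=${line%%#*}                      # strip comments
        set -f; set -- $line; set +f          # split into fields, no globbing
        if [ $# -eq 0 ]; then continue; fi
        type=$1; db=${2:-}; user=${3:-}; addr=; method=
        case $type in
            local) method=${4:-} ;;
            host|hostssl|hostnossl)
                addr=${4:-}; method=${5:-}
                case $method in               # "address netmask" form: mask is field 5
                    *.*|*:*) addr="$addr $method"; method=${6:-} ;;
                esac ;;
            *) continue ;;                    # record types this sketch does not cover
        esac
        case $method in
            '')       echo "$n: no auth method"; bad=1 ;;
            trust)    echo "$n: trust admits $user to $db without a password"; bad=1 ;;
            ident)    echo "$n: ident authenticates by OS user name, not by password"; bad=1 ;;
            password) echo "$n: password sends the secret in cleartext, md5 does not"; bad=1 ;;
        esac
        case $addr in
            ''|127.0.0.1/32|::1/128|'127.0.0.1 255.255.255.255') ;;
            *) echo "$n: $type accepts '$addr', not just loopback"; bad=1 ;;
        esac
    done
    return $bad
}

# Constructed sample: lines 2-4 follow the page's layout, lines 5-7 are weak on purpose.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER      ADDRESS             METHOD
local   all       all                           md5
host    all       all       127.0.0.1/32        md5
host    all       all       ::1/128             md5
local   all       postgres                      ident
host    all       all       0.0.0.0/0           trust
host    app       app       10.0.0.0 255.0.0.0  md5
EOF
}

sample_pg_hba | check_pg_hba || true   # prints four findings: line 5, line 6 (twice), line 7
```

To lint the live file, feed it on stdin: check_pg_hba < /opt/PostgreSQL/9.6/data/pg_hba.conf (reading it needs sudo or the postgres account).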
7. Install Teamviewer
After installing Teamviewer,
check if the daemon is running fine:
teamviewer --daemon status
get machine id:
teamviewer --info | grep "TeamViewer ID"
set password:
sudo teamviewer passwd [password]
start:
export DISPLAY=":0.0"
teamviewer
8. Allow rewrite urls
In /etc/httpd/conf/httpd.conf
Find the <Directory /var/www/html> section and change AllowOverride None to AllowOverride All
<Directory /var/www/html>
AllowOverride All
</Directory>