<a href="https://colab.research.google.com/github/DiamondTusks/Cybersecurity/blob/main/CSProg.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

### **Find and initialise your new storage device**

Use the lsblk command to view the block devices and find your new storage device.

```
sudo lsblk
```

Let's assume your new storage device is /dev/sdb. 
Initialise the disk with fdisk.

```
sudo fdisk /dev/sdb
```

Inside the fdisk utility:

press `n` to create a new partition,

press `p` for primary,

then `1` for the first partition. 

Press `Enter` to accept the default values for the first sector.

If you plan to have more partitions, follow instructions on screen, eg. type `+10G` for last sector if you want to allocate 10GB to the partition. Otherwise just press `Enter`.

Press `w` to write the partition table and exit.


### **Mount your new storage device to /var/www/html/wordpress/**

Create the mount point.

```
sudo mkdir -p /var/www/html/wordpress/
```

Mount the partition to this directory.

```
sudo mount /dev/sdb1 /var/www/html/wordpress/
```




###**Deploy WordPress to the `/var/www/html/wordpress/` directory and install it**

We are using the LAMP stack software bundle.

LAMP stands for Linux, Apache, MySQL, and PHP. Together, they provide a powerful web server environment. 

Here are the general steps to install a full LAMP stack and deploy WordPress on CentOS Stream 9. 

MySQL has already been deployed. You can see it with `systemctl status mysqld`. Database name, username and password has been set to `wordpress`.

Please note that this is a general guide, and depending on your specific setup and needs, you might need to adjust these steps.

1. **Update your system**: Keep your system up-to-date.

    ```bash
    sudo dnf update -y
    ```

2. **Install Apache**: Apache is a web server software.

    ```bash
    sudo dnf install httpd -y
    ```
    
    After installation, you need to start and enable Apache to make sure it starts automatically at system boot.

    ```bash
    sudo systemctl start httpd
    sudo systemctl enable httpd
    ```

3. **Install PHP**: PHP is a popular scripting language that is especially suited to web development.

    ```bash
    sudo dnf install php php-mysqlnd -y
    ```

    After the installation, restart Apache to make sure it recognizes and uses PHP.

    ```bash
    sudo systemctl restart httpd
    ```

5. **Download and Install WordPress**: 

    First, navigate to the Apache document root.

    ```bash
    cd /var/www/html/
    ```
    Download `wget` is required:
    ```bash
    sudo dnf install wget
    ```

    Download WordPress.

    ```bash
    sudo wget http://wordpress.org/latest.tar.gz
    ```

    Extract the downloaded file.

    ```bash
    sudo tar xzvf latest.tar.gz
    ```
    
    Remove compressed file.
    ```bash
    sudo rm latest.tar.gz
    ```

    Now, you should have a WordPress directory in `/var/www/html/`.

6. **Configure WordPress**:

    Move to the WordPress directory.

    ```bash
    cd /var/www/html/wordpress/
    ```

    Copy the sample WordPress config file to create your own config file.

    ```bash
    sudo cp wp-config-sample.php wp-config.php
    ```

    Open the WordPress config file and replace the 'database_name_here', 'username_here', and 'password_here' placeholders with your database details.

    ```bash
    sudo vi wp-config.php
    ```

8. **Update httpd.conf**:
    The main Apache (httpd) configuration file is usually found at `/etc/httpd/conf/httpd.conf` on CentOS systems. You can open and edit it using a text editor such as `nano` or `vi`. Here is how you can do it with `vi`:

    ```bash
    sudo vi /etc/httpd/conf/httpd.conf
    ```

    **DocumentRoot**: This is the directory out of which you will serve your documents. By default, all requests are taken from this directory, but symbolic links and aliases may be used to point to other locations.

    ```conf
    DocumentRoot "/var/www/html/wordpress"
    ```
    Press `i` to edit/insert
    Press `esc` then to save and exit type `:wq` and press ENTER

    Remember to always back up your configuration files before making changes.

    After making changes to the configuration file, you need to restart Apache to apply the changes:

    ```bash
    sudo systemctl restart httpd
    ```


9. **Finalizing Installation via Web Interface**:

    Finally, open your web browser and navigate to your server's domain name or public IP address followed by /wordpress: `http://domain_or_IP`.

    Follow the WordPress web interface to finalize the installation. This will include setting up a site name, username, password, and email.


###**Configure permissions so that WordPress owns its own files**

When you install WordPress, the files and folders are typically owned by the web server user. This can be a security risk, as it allows the web server user to modify or delete WordPress files. 

To improve security, it is best to configure WordPress to own its own files.

To do this, you will need to change the ownership of the files and folders to the user that owns the WordPress process. 

This can be done using an FTP client or SSH. Once you have changed the ownership, you will need to change the permissions on the files and folders. 

The permissions should be set to 644 for files and 755 for folders.

1.  **Change the ownership of the files and directories**:
    ```bash
    sudo chown -R apache:apache /var/www/html/wordpress/
    ```
  
2.  **Limit permissions for wp-config.php**:
    ```bash
    sudo chmod 400 /var/www/html/wordpress/wp-config.php
    ```
3.  **File and directory permissions**:

    All other file permissions should be left at their default values.

    By default, files should be 644, and directories should be 755.

    If otherwise:
    ```bash
    sudo find /var/www/html/wordpress/ -type d -exec chmod 755 {} \;
    sudo find /var/www/html/wordpress/ -type f -exec chmod 644 {} \;
    ```
4.  **Use rsync**:
    ```
    rsync -avz --delete /var/www/html/wordpress/ /backups/wordpress/
    ```
5.  **Automate**:
    ```bash
    crontab -e
    ```
    then in vim:
    press i to insert/edit
    ```vim
    59 23 * * * rsync -avz --delete /var/www/html/wordpress/ /backups/wordpress/
    ```
    then press `esc` to exit insert mode
    then type `:wq` and press `enter` to save and exit
6.  **Create compressed file**:
    ```
    tar -zcvf /backups/wordpress.tar.gz /backups/wordpress/
    ```

### **Create a compressed archive of the /backups/wordpress/ directory**
    It should be possible to restore the directory with this command: sudo tar xpvf /backups/wordpress.tar.* 
    ```
    sudo tar cvpf /backups/wordpress.tar.gz wordpress
    ```

 Configure a firewall to:
a. Allow all network access for ssh on port 22
b. Reject all remote machines network access for mysql on its service port
c. Allow all network access for your unpopulated WordPress website

Drop incoming connections from all unused ports for the default zone

Ensure that Apache httpd has read and write access to all files within

Configure SELinux security contexts for /srv/wordpress/ to persist after a reboot

Ensure that WordPress can update itself with SELinux enabled, even after a reboot