Install and secure LAMP on CentOS



Use YUM to retrieve and install the Apache HTTP server and additional components. After that, start the web server and enable it at boot:

yum install httpd httpd-devel
service httpd start
chkconfig httpd on

The next step is securing Apache. Edit the config file /etc/httpd/conf/httpd.conf and set:

ServerSignature Off
ServerTokens Prod

The first line tells Apache not to display the server version on generated pages. The second makes the web server return only "Apache" in the Server response header.

Now you are ready to install the PHP module for Apache. The following lines download and install PHP (the php package provides the Apache module) with some common modules:

yum install php php-common php-gd php-mcrypt php-pear php-pecl-memcache php-mhash \
php-mysql php-xml

The next step is securing PHP. Open the PHP config file /etc/php.ini and set:

safe_mode = Off
register_globals = Off
expose_php = Off
allow_url_fopen = Off
log_errors = On
error_log = /var/log/phperror.log
display_errors = Off

The above lines will implement some PHP security recommendations.

As set above, all PHP errors will be stored in the file /var/log/phperror.log. The following lines create it and set its ownership and permissions so that only the apache user can write to it:

touch /var/log/phperror.log
chown apache:apache /var/log/phperror.log
chmod 640 /var/log/phperror.log

Restart the web server to load the PHP module:

service httpd restart

At this point Apache is ready to serve pages, and PHP can be tested. Create a file named /var/www/html/1.php with the following contents:

<?php
phpinfo();
?>

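Then point your browser to http://x.x.x.x/1.php and check the output. Delete the file once the test is done, because the phpinfo() page shows visitors the PHP version and configuration that expose_php = Off is meant to hide.

Next, install MySQL with the required packages, start it and enable the database server at boot: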

yum install mysql mysql-server mysql-devel
service mysqld start
chkconfig mysqld on

Once MySQL is installed, secure it. The first step is changing the MySQL root password (replace pa$$w0rd with your own password):

mysql> USE mysql;
mysql> UPDATE user SET Password=PASSWORD('pa$$w0rd') WHERE user='root';

Next, drop the test database and delete the anonymous accounts:

mysql> drop database test;
mysql> DELETE FROM user WHERE user = '';
mysql> FLUSH PRIVILEGES;

For security reasons it's often a good idea to have:

local-infile=0
bind-address=127.0.0.1

in the MySQL config file /etc/my.cnf.

The first line prevents unauthorized reading from local files. The second makes MySQL listen for TCP/IP connections only locally, on the loopback interface.

It is time to restart MySQL for the changes to take effect:

service mysqld restart
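
To confirm that httpd.conf, php.ini and my.cnf really carry the values set so far, the following script is an added example and not part of the original guide. Its function names and the sample files it builds are constructed for illustration, it assumes the last uncommented occurrence of a directive is the effective one, and it checks only the settings listed in its table.

```bash
# Added example (not from the original guide); function names are illustrative.
# get_setting FILE KEY: print the last uncommented value of KEY. Accepts
# "key = value" / "key=value" (php.ini, my.cnf) and "Key value" (httpd.conf).
get_setting() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }                      # skip commented-out lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(tolower(line), tolower(key)) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t=]/) next              # reject longer keys sharing a prefix
            gsub(/^[ \t=]+|[ \t]+$/, "", rest); val = rest
        }
        END { print val }' "$1"
}
# check FILE KEY WANT: report PASS/FAIL; exit status 0 only on a match.
check() {
    local got; got=$(get_setting "$1" "$2")
    if [ "$(echo "$got" | tr 'A-Z' 'a-z')" = "$(echo "$3" | tr 'A-Z' 'a-z')" ]; then
        echo "PASS $1: $2 = $got"; return 0
    fi
    echo "FAIL $1: $2 is '${got:-unset}', expected '$3'"; return 1
}

# audit_lamp HTTPD_CONF PHP_INI MY_CNF: exit status = number of failed checks.
audit_lamp() {
    local fails=0 file key want
    while read -r file key want; do
        check "$file" "$key" "$want" || fails=$((fails + 1))
    done <<EOF
$1 ServerSignature Off
$1 ServerTokens Prod
$2 register_globals Off
$2 expose_php Off
$2 allow_url_fopen Off
$2 display_errors Off
$2 log_errors On
$3 local-infile 0
$3 bind-address 127.0.0.1
EOF
    return "$fails"
}

# Constructed sample files; on a real host pass the three paths named in the guide.
demo=$(mktemp -d)
printf 'ServerSignature Off\nServerTokens OS\n' > "$demo/httpd.conf"
printf 'register_globals = Off\n;expose_php = On\nexpose_php = Off\nallow_url_fopen = Off\ndisplay_errors = Off\nlog_errors = On\n' > "$demo/php.ini"
printf '[mysqld]\nlocal-infile=0\n#bind-address=127.0.0.1\n' > "$demo/my.cnf"
audit_lamp "$demo/httpd.conf" "$demo/php.ini" "$demo/my.cnf" || echo "$? setting(s) differ from the guide"
```

On the constructed sample the audit reports two failures: ServerTokens is still OS, and bind-address is only present as a commented-out line.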

Once LAMP is functional, phpMyAdmin can be installed:

yum install phpmyadmin

Configure Apache to allow access to phpMyAdmin. Open /etc/httpd/conf.d/phpmyadmin.conf and comment out the Deny from all line so that it reads:

# Deny from all

phpMyAdmin needs a secret pass-phrase for cookie authentication. Open the phpMyAdmin config file /usr/share/phpmyadmin/config.inc.php and enter your own pass-phrase:

$cfg['blowfish_secret'] = 'p@$$w0rd'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

Restart the Apache web server to be able to access phpMyAdmin:

service httpd restart

To test phpMyAdmin you should point your browser to http://x.x.x.x/phpmyadmin

Note: If you want to add a virtual host www.domain.tld to Apache, follow the steps below.

First of all, create the directories and set the correct ownership:

mkdir -p /home/domain.tld/{public_html,logs}
chown -R apache:apache /home/domain.tld

Open the Apache config /etc/httpd/conf/httpd.conf and alter the NameVirtualHost directive:

NameVirtualHost ip.address:80

After that, add the following VirtualHost container at the end of the config file:

<VirtualHost ip.address:80>
        ServerAdmin webmaster@domain.tld
        ServerName www.domain.tld
        ServerAlias domain.tld

        DocumentRoot /home/domain.tld/public_html

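        # Scope the access rules to this site's document root, not the whole filesystem
        <Directory /home/domain.tld/public_html>
                # Prefix every option with + or -; mixing prefixed and bare options gives unexpected results
                Options -Indexes +FollowSymLinks
                AllowOverride None

                Order allow,deny
                allow from all
        </Directory>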

        ErrorLog /home/domain.tld/logs/domain.tld-error_log
        CustomLog /home/domain.tld/logs/domain.tld-access_log common
</VirtualHost>

Test if the config syntax is OK and restart Apache:

httpd -t
httpd -D DUMP_VHOSTS
service httpd restart