Securing Moodle on Linux

These steps are essential for a production server containing student passwords and data.

https encryption

Certbot and virtual host

File permissions =

• Reset the permissions on /var/www/html/moodle directories to read, write and execute for the webserver, read and execute for group and others
• Reset the permissions on /var/www/html/moodle files to read, write for the webserver, read only for group and other

Secure database and set the root

Run the mariadb-secure-installation script to strengthen security by setting a root password, removing anonymous users, disabling remote root login, deleting the test database, and reloading privileges. sudo mariadb-secure-installation

Configure and enable firewall

       Allow SSH (port 22) for remote access
       Enable the UFW firewall with confirmation
       Set default policy to deny all incoming connections
       Set default policy to allow all outgoing connections
       Allow HTTP traffic on port 80
       Allow full access for Apache (HTTP and HTTPS)

sudo ufw allow 22/tcp sudo ufw --force enable sudo ufw default deny incoming sudo ufw default allow outgoing sudo ufw allow www sudo ufw allow 'Apache Full' </syntaxhighlight>

sudo find /var/www/html/moodle -type d -exec chmod 755 {} \; 
sudo find /var/www/html/moodle -type f -exec chmod 644 {} \;