{"id":339,"date":"2019-04-12T21:04:00","date_gmt":"2019-04-12T21:04:00","guid":{"rendered":"https:\/\/bootstrap-it.com\/blog\/?p=339"},"modified":"2019-04-12T21:04:00","modified_gmt":"2019-04-12T21:04:00","slug":"securing-your-linux-web-server","status":"publish","type":"post","link":"https:\/\/bootstrap-it.com\/blog\/?p=339","title":{"rendered":"Securing your Linux web server"},"content":{"rendered":"<p><em>This article, which also appears <a href=\"https:\/\/medium.com\/@dbclin\">among my Medium articles<\/a>, was excerpted from chapter 9 of my Manning book, <\/em><a rel=\"noreferrer noopener\" href=\"https:\/\/www.manning.com\/books\/linux-in-action?a_aid=bootstrap-it&amp;a_bid=4ca15fc9\" target=\"_blank\"><em>Linux in Action<\/em><\/a><em>. 
Besides the book, you can also work through<\/em><a rel=\"noreferrer noopener\" href=\"https:\/\/www.manning.com\/livevideo\/linux-in-motion?a_aid=bootstrap-it&amp;a_bid=0c56986f&amp;chan=motion1\" target=\"_blank\"><em>\u00a0Linux in Motion<\/em><\/a><em>\u200a\u2014\u200aa hybrid course made up of more than two hours of video and around 40% of the text of Linux in Action.<\/em><\/p>\n\n\n\n<p>Building a LAMP server and getting it all nicely configured with reliable data handling, a domain, and a TLS certificate is only half the battle. You\u2019ll also need to make sure your infrastructure is protected from the internet\u2019s many frightening threats.<\/p>\n\n\n\n<p>In this article, I\u2019ll explore website security through the proper use of system groups, process isolation, and regular audits of your system resources. It\u2019s not the whole story (my&nbsp;<a href=\"https:\/\/www.manning.com\/books\/linux-in-action?a_aid=bootstrap-it&amp;a_bid=4ca15fc9\" rel=\"noreferrer noopener\" target=\"_blank\">Linux in Action book<\/a>&nbsp;covers additional tools like installing TLS certificates and working with SELinux), but it\u2019s a great start.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"d49d\">System groups and the principle of least privilege<\/h3>\n\n\n\n<p>The developers you support have (finally) come to realize that they need to restrict&nbsp;<em>public<\/em>&nbsp;access to the data and configuration files living on the application server while still allowing access to various dev and IT teams.<\/p>\n\n\n\n<p>The first part of the solution is&nbsp;<em>groups<\/em>. A group is a system object\u200a\u2014\u200amuch the same as a user\u200a\u2014\u200aexcept that no one will ever log in to the system as a group. The power of groups is in how they, like users, can be \u201cassigned\u201d to files or directories, allowing any group members to share the group powers. 
This is illustrated in the figure.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/1600\/1*aTyDyZSZ9ARcLq467smNTg.png\" alt=\"\"\/><figcaption>Developers who are members of the Developers group can be given access to a particular directory, as opposed to those individuals who are not part of the&nbsp;group<\/figcaption><\/figure>\n\n\n\n<p>Try this yourself: use a text editor to create a new file. Add some \u201cHello world\u201d text so you\u2019ll be able to easily tell when you can successfully access it. Now edit its permissions using chmod 770 so that the file\u2019s owner and group have full rights over the file, but others can\u2019t even read it.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">$ nano datafile.txt<br>$ chmod 770 datafile.txt<\/pre>\n\n\n\n<p>If your system doesn\u2019t already have an extra user besides your account, create<br>one using either adduser\u200a\u2014\u200athe Debian\/Ubuntu way\u200a\u2014\u200aor useradd if you\u2019re on<br>CentOS. useradd will also work on Ubuntu.<\/p>\n\n\n\n<p><em>The useradd command (as opposed to the Debian adduser) requires you to<br>generate a user password separately:<\/em><\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># useradd otheruser<br># passwd otheruser<br>Enter new UNIX password:<br>Retype new UNIX password:<br>passwd: password updated successfully<\/pre>\n\n\n\n<p>Use&nbsp;<em>su<\/em>&nbsp;to switch to your new user. Once you enter the user\u2019s password, all the commands you execute will be run as that user. You\u2019ll be working with only that user\u2019s authority: no more and no less. If you try reading the datafile.txt file (using cat ), you\u2019ll have no luck since, as you remember, others were denied read permission. 
When you\u2019re done, type exit to leave the new user shell and return to your original shell.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">$ su otheruser<br>Password:<br>$ cat \/home\/ubuntu\/datafile.txt<br>cat: \/home\/ubuntu\/datafile.txt: Permission denied<br>$ exit<\/pre>\n\n\n\n<p>All this is expected and easy to understand. And, as you\u2019ve seen, not being able to read the file belonging to a different reader can sometimes be a problem. Let\u2019s see what we can do about it by associating the file with a group and then properly configuring the file\u2019s permissions.<\/p>\n\n\n\n<p>Create a new group you can use to manage your application data and then edit the properties of your data file using chown. The ubuntu:app-data-group argument leaves the file ownership in the hands of the ubuntu user, but changes its group to your new app-data-group.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># groupadd app-data-group<br># chown ubuntu:app-data-group datafile.txt<\/pre>\n\n\n\n<p>Run ls with \u201clong\u201d output against the file to view its new permissions and status. Note that, as expected, ubuntu is the file\u2019s owner and app-data-group is its group.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">$ ls -l | grep datafile.txt<br>-rwxrwx--- 1 ubuntu app-data-group 6 Aug 9 22:43 datafile.txt<\/pre>\n\n\n\n<p>You can use usermod to add your user to the app-data-group group and then,<br>once again, su to switch to a shell deploying the other user\u2019s account. This time, even though the file\u2019s permissions lock others out\u200a\u2014\u200aand you\u2019re definitely acting as an \u201cother\u201d user right now\u200a\u2014\u200ayou should be able to read it thanks to your group membership.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># usermod -aG app-data-group otheruser<br>$ su otheruser<br>$ cat datafile.txt<br>Hello World<\/pre>\n\n\n\n<p>Use su to switch between user accounts. 
These happened to be the contents of my datafile.txt file. This kind of organization is the correct and effective way to deal with many of the complicated permissions issues that will arise on a multi-user system.<\/p>\n\n\n\n<p>In fact, not only is it used to give individual users the access they need, but many system processes couldn\u2019t do their jobs without special group memberships. Take a quick look through the \/etc\/group file and note how many system processes have their own groups.<\/p>\n\n\n\n<p><em>A partial listing of the contents of the \/etc\/group file:<\/em><\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">$ cat \/etc\/group<br>root:x:0:<br>daemon:x:1:<br>bin:x:2:<br>sys:x:3:<br>adm:x:4:syslog<br>tty:x:5:<br>disk:x:6:<br>lp:x:7:<br>mail:x:8:<br>news:x:9:<br>uucp:x:10:<br>man:x:12:<br>proxy:x:13:<br>[\u2026]<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"dc85\">Isolating processes within containers<\/h3>\n\n\n\n<p>Worried that the multiple services you\u2019ve got running on a single server will, should one service be breached, all be at risk? One way to limit the damage that careless or malicious users can cause is by isolating system resources and processes. This way, even if someone might want to expand their reach beyond a set limit, they won\u2019t have physical access.<\/p>\n\n\n\n<p>The old approach to the problem was provisioning a separate physical machine for each service. But virtualization can make it a lot easier (and more affordable) to build a \u201csiloed\u201d infrastructure. This architecture is often referred to as&nbsp;<em>microservices<\/em>&nbsp;and would have you launch multiple containers with one, perhaps, running only a database, another Apache, and a third containing media files that might be embedded in your web pages. 
Besides the many performance and efficiency benefits associated with microservices architectures, this can greatly reduce each individual component\u2019s risk exposure.<\/p>\n\n\n\n<p>By \u201ccontainers\u201d I don\u2019t necessarily mean those of the LXC persuasion.<br>These days, for this kind of deployment, Docker containers are far more<br>popular. If you\u2019re interested in learning more about Docker, check out&nbsp;<a href=\"http:\/\/pluralsight.pxf.io\/c\/1191769\/424552\/7490?subId1=solving&amp;u=https%3A%2F%2Fapp.pluralsight.com%2Fprofile%2Fauthor%2Fdavid-clinton\" rel=\"noreferrer noopener\" target=\"_blank\">my Pluralsight courses<\/a>&nbsp;that touch on the topic.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"0ac7\">Scanning for dangerous User ID&nbsp;values<\/h3>\n\n\n\n<p>While any admin user will be able to temporarily assume root authority using sudo, only root is actually root&nbsp;. As you\u2019ve seen already, it isn\u2019t safe to perform regular functions as root. But it can happen\u200a\u2014\u200awhether by innocent accident or malicious tampering\u200a\u2014\u200athat a regular user can effectively get admin rights full-time.<\/p>\n\n\n\n<p>The good news is that it\u2019s easy to spot imposters: their user and\/or group ID<br>numbers will, like root, be zero (0). Take a look at the passwd file in \/etc\/. This file contains a record for each regular and system user account that currently exists. The first field contains the account name (root and ubuntu in this case) and the second field might contain an x in place of a password (which, if it exists, will appear encrypted in the \/etc\/shadow file). But the next two fields contain the user and group IDs. In the case of ubuntu in this example, both IDs are 1000&nbsp;. 
And, as you can see, root has zeroes.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">$ cat \/etc\/passwd<br>root:x:0:0:root:\/root:\/bin\/bash<br>[\u2026]<br>ubuntu:x:1000:1000::\/home\/ubuntu:\/bin\/bash<\/pre>\n\n\n\n<p>If you ever see a regular user with a user or group ID of 0, however, then you know there\u2019s something nasty going on and you should get to work fixing it. The quick and easy way to spot a problem is to run this awk command against the passwd file, which will print out any line whose third field contains only a 0. In this case, to my great relief, the only result was root. You can run it a second time substituting $4 for $3 to pick up the group ID field.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">$ awk -F: '($3 == \"0\") {print}' \/etc\/passwd<br>root:x:0:0:root:\/root:\/bin\/bash<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"56c7\">Auditing system resources<\/h3>\n\n\n\n<p>The more things you\u2019ve got running, the greater the odds of something breaking. So it makes sense that you\u2019ll want to keep track of what\u2019s running. This will apply to network ports (if they\u2019re \u201copen\u201d then, by definition, there must be a way in), services (if they\u2019re active, then people can run them), and installed software (if it\u2019s installed, it can be executed).<\/p>\n\n\n\n<p>For audits to be useful you\u2019ll have to remember to run them once in a while. Since you just know you\u2019re going to forget, you\u2019ll be much better off incorporating your auditing tools into a script that not only executes regularly but, ideally, also parses the results to make them more readable.<\/p>\n\n\n\n<p>Here, however, I\u2019ll focus on introducing you to three key audit tools to help you scan for open ports, active services, and unnecessary software packages. 
Getting it automated will be your job.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"d4c6\">Scanning for open&nbsp;ports<\/h4>\n\n\n\n<p>A port is considered \u201copen\u201d if there\u2019s some process running on the host that\u2019s listening on that port for requests. Keeping an eye on your open ports can keep you plugged into what\u2019s really going on with your server.<\/p>\n\n\n\n<p>You already know that a regular web server is probably going to have HTTP (80) and SSH (22) open, so it shouldn\u2019t come as a surprise to come across those. But you\u2019ll really want to focus on other unexpected results. netstat will display open ports along with a wealth of information about how they\u2019re being used.<\/p>\n\n\n\n<p>In this example run against a fairly typical multi-purpose server, -n tells netstat to include the numeric ports and addresses. -l includes only listening sockets, and -p adds the process ID of the listening program. Naturally, if you see something, do something.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># netstat -npl<br>Active Internet connections (only servers)<br>Proto Local Address Foreign Address State PID\/Program name<br>tcp 127.0.0.1:3306 0.0.0.0:* LISTEN 403\/mysqld<br>tcp 0.0.0.0:139 0.0.0.0:* LISTEN 270\/smbd<br>tcp 0.0.0.0:22 0.0.0.0:* LISTEN 333\/sshd <br>tcp 0.0.0.0:445 0.0.0.0:* LISTEN 270\/smbd<br>tcp6 :::80 :::* LISTEN 417\/apache2 <br>[\u2026]<\/pre>\n\n\n\n<p>In recent years,&nbsp;<em>ss<\/em>&nbsp;has begun to replace netstat for many uses. 
Just in case you find yourself at a party one day and someone asks you about&nbsp;<em>ss<\/em>, this example (which lists all established SSH connections) should give you enough information to save you from deep embarrassment:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">$ ss -o state established '( dport = :ssh or sport = :ssh )'<br>Netid Recv-Q Send-Q Local Address:Port Peer Address:Port <br>tcp 0 0 10.0.3.1:39874 10.0.3.96:ssh <br>timer:(keepalive,18min,0)<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"7b66\">Scanning for active&nbsp;services<\/h4>\n\n\n\n<p>Getting a quick snapshot of the systemd-managed services currently enabled on your machine can help you spot activity that doesn\u2019t belong. systemctl can list all existing services, which can then be narrowed down to only those results whose descriptions include enabled. This will return only active services.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># systemctl list-unit-files --type=service --state=enabled<br>autovt@.service                       enabled <br>bind9.service                         enabled <br>cron.service                          enabled <br>dbus-org.freedesktop.thermald.service enabled <br>docker.service                        enabled <br>getty@.service                        enabled <br>haveged.service                       enabled <br>mysql.service                         enabled <br>networking.service                    enabled <br>resolvconf.service                    enabled <br>rsyslog.service                       enabled <br>ssh.service                           enabled <br>sshd.service                          enabled<br>syslog.service                        enabled <br>systemd-timesyncd.service             enabled <br>thermald.service                      enabled <br>unattended-upgrades.service           enabled <br>ureadahead.service                    enabled<\/pre>\n\n\n\n<p>If you do find something that shouldn\u2019t be there, you 
can use systemctl to both<br>stop the service and make sure it doesn\u2019t start up again with the next boot.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># systemctl stop haveged<br># systemctl disable haveged<\/pre>\n\n\n\n<p>There\u2019s actually nothing dark and sinister about the&nbsp;<em>haveged<\/em>&nbsp;service I\u2019m<br>stopping in this example: it\u2019s a very small tool I often install to generate<br>random background system activity when I\u2019m creating encryption keys.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"944f\">Searching for installed software<\/h4>\n\n\n\n<p>Could someone or something have installed software on your system without you knowing? Well, how would you know if you don\u2019t look? yum list installed or, on Debian\/Ubuntu, dpkg --list will give you the whole briefing, while remove &lt;packagename&gt; should delete any packages that don\u2019t belong.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># yum list installed<br># yum remove packageName<\/pre>\n\n\n\n<p>Here\u2019s how it goes on Ubuntu:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># dpkg --list<br># apt-get remove packageName<\/pre>\n\n\n\n<p>It\u2019s also a good idea to be aware of changes to your system configuration files &#8211;<br>which is something I cover in chapter 11.<\/p>\n\n\n\n<p><em>This article is excerpted from my&nbsp;<\/em><a href=\"https:\/\/www.manning.com\/books\/linux-in-action?a_aid=bootstrap-it&amp;a_bid=4ca15fc9\" rel=\"noreferrer noopener\" target=\"_blank\"><em>Manning \u201cLinux in Action\u201d book<\/em><\/a><em>. 
There\u2019s lots more fun&nbsp;<\/em><a href=\"https:\/\/bootstrap-it.com\/index.php\/books\/\" rel=\"noreferrer noopener\" target=\"_blank\"><em>where this came from<\/em><\/a><em>, including a hybrid course called&nbsp;<\/em><a href=\"https:\/\/www.manning.com\/livevideo\/linux-in-motion?a_aid=bootstrap-it&amp;a_bid=0c56986f&amp;chan=motion1\" rel=\"noreferrer noopener\" target=\"_blank\"><em>Linux in Motion<\/em><\/a><em> that\u2019s made up of more than two hours of video and around 40% of the text of Linux in Action. Who knows\u2026 you might also enjoy my recently published&nbsp;<\/em><a href=\"https:\/\/www.manning.com\/books\/learn-amazon-web-services-in-a-month-of-lunches?a_aid=bootstrap-it&amp;amp;a_bid=1c1b5e27\" rel=\"noreferrer noopener\" target=\"_blank\"><em>Learn Amazon Web Services in a Month of Lunches<\/em><\/a><em>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article, which also appears among my Medium articles, was excerpted from chapter 9 of my Manning book, Linux in Action. 
Besides the book, you can also work through\u00a0Linux in Motion\u200a\u2014\u200aa hybrid course made up of more than two hours&hellip; <a href=\"https:\/\/bootstrap-it.com\/blog\/?p=339\" class=\"more-link\">Continue Reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":340,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-339","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.2.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Securing your Linux web server - Bootstrap IT<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/bootstrap-it.com\/blog\/?p=339\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing your Linux web server - Bootstrap IT\" \/>\n<meta property=\"og:description\" content=\"This article, which also appears among my Medium articles, was excerpted from chapter 9 of my Manning book, Linux in Action. 
Besides the book, you can also work through\u00a0Linux in Motion\u200a\u2014\u200aa hybrid course made up of more than two hours&hellip; Continue Reading &rarr;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/bootstrap-it.com\/blog\/?p=339\" \/>\n<meta property=\"og:site_name\" content=\"Bootstrap IT\" \/>\n<meta property=\"article:published_time\" content=\"2019-04-12T21:04:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/bootstrap-it.com\/blog\/wp-content\/uploads\/webserver-linux.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1502\" \/>\n\t<meta property=\"og:image:height\" content=\"901\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"dbclin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@davidbclinton\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"dbclin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/bootstrap-it.com\/blog\/?p=339\",\"url\":\"https:\/\/bootstrap-it.com\/blog\/?p=339\",\"name\":\"Securing your Linux web server - Bootstrap IT\",\"isPartOf\":{\"@id\":\"https:\/\/bootstrap-it.com\/blog\/#website\"},\"datePublished\":\"2019-04-12T21:04:00+00:00\",\"dateModified\":\"2019-04-12T21:04:00+00:00\",\"author\":{\"@id\":\"https:\/\/bootstrap-it.com\/blog\/#\/schema\/person\/ae0fb1d5b3b01558b92b6426d77766ec\"},\"breadcrumb\":{\"@id\":\"https:\/\/bootstrap-it.com\/blog\/?p=339#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/bootstrap-it.com\/blog\/?p=339\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/bootstrap-it.com\/blog\/?p=339#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/bootstrap-it.com\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Securing your Linux web server\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/bootstrap-it.com\/blog\/#website\",\"url\":\"https:\/\/bootstrap-it.com\/blog\/\",\"name\":\"Bootstrap IT\",\"description\":\"Learn technology using technology\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/bootstrap-it.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/bootstrap-it.com\/blog\/#\/schema\/person\/ae0fb1d5b3b01558b92b6426d77766ec\",\"name\":\"dbclin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/bootstrap-it.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a93785d437350478a7f1dfcbec58d26bc28e0124e405179acbe1b4325c09f90a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a93785d437350478a7f1dfcbec58d26bc28e0124e405179acbe1b4325c09f90a?s=96&d=mm&r=g\",\"caption\":\"dbclin\"},\"sameAs\":[\"http:\/\/bootstrap-it.com\/\",\"dbclinton\",\"https:\/\/twitter.com\/davidbclinton\"],\"url\":\"https:\/\/bootstrap-it.com\/blog\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Securing your Linux web server - Bootstrap IT","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/bootstrap-it.com\/blog\/?p=339","og_locale":"en_US","og_type":"article","og_title":"Securing your Linux web server - Bootstrap IT","og_description":"This article, which also appears among my Medium articles, was excerpted from chapter 9 of my Manning book, Linux in Action. Besides the book, you can also work through\u00a0Linux in Motion\u200a\u2014\u200aa hybrid course made up of more than two hours&hellip; Continue Reading &rarr;","og_url":"https:\/\/bootstrap-it.com\/blog\/?p=339","og_site_name":"Bootstrap IT","article_published_time":"2019-04-12T21:04:00+00:00","og_image":[{"width":1502,"height":901,"url":"https:\/\/bootstrap-it.com\/blog\/wp-content\/uploads\/webserver-linux.png","type":"image\/png"}],"author":"dbclin","twitter_card":"summary_large_image","twitter_creator":"@davidbclinton","twitter_misc":{"Written by":"dbclin","Est. 
reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/bootstrap-it.com\/blog\/?p=339","url":"https:\/\/bootstrap-it.com\/blog\/?p=339","name":"Securing your Linux web server - Bootstrap IT","isPartOf":{"@id":"https:\/\/bootstrap-it.com\/blog\/#website"},"datePublished":"2019-04-12T21:04:00+00:00","dateModified":"2019-04-12T21:04:00+00:00","author":{"@id":"https:\/\/bootstrap-it.com\/blog\/#\/schema\/person\/ae0fb1d5b3b01558b92b6426d77766ec"},"breadcrumb":{"@id":"https:\/\/bootstrap-it.com\/blog\/?p=339#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/bootstrap-it.com\/blog\/?p=339"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/bootstrap-it.com\/blog\/?p=339#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/bootstrap-it.com\/blog"},{"@type":"ListItem","position":2,"name":"Securing your Linux web server"}]},{"@type":"WebSite","@id":"https:\/\/bootstrap-it.com\/blog\/#website","url":"https:\/\/bootstrap-it.com\/blog\/","name":"Bootstrap IT","description":"Learn technology using technology","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/bootstrap-it.com\/blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/bootstrap-it.com\/blog\/#\/schema\/person\/ae0fb1d5b3b01558b92b6426d77766ec","name":"dbclin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/bootstrap-it.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a93785d437350478a7f1dfcbec58d26bc28e0124e405179acbe1b4325c09f90a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a93785d437350478a7f1dfcbec58d26bc28e0124e405179acbe1b4325c09f90a?s=96&d=mm&r=g","caption":"dbclin"},"sameAs":["http:\/\/bootstrap-it.com\/","dbclinton","https:\/\/twitter.com\/davidbclinton"],"url":"https:\/\/bootstrap-it.com\/blog\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/339","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=339"}],"version-history":[{"count":1,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/339\/revisions"}],"predecessor-version":[{"id":341,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/339\/revisions\/341"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/media\/340"}],"wp:attachment":[{"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=339"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=339"},{"taxonomy":"post_tag","embeddable":true,"href"
:"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=339"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}