[CentOS] securing web applications (Wiki CMS installation)

Johnny Hughes johnny at centos.org
Tue Feb 12 15:58:58 UTC 2008


Simon Jolle wrote:
> 2008/2/11, James A. Peltier <jpeltier at cs.sfu.ca>:
>> This is a very broad question to ask, however, I will appeal to the basics.
>>
>> 1) Use HTTPS whenever possible to avoid any passwords crossing the wire
>> in clear text.
>>
>> 2) Ensure only the necessary modules are installed or enabled for your
>> CMS to operate.
>>
>> 3) Always think least permissions necessary to perform the task
>>
>> 4) Ensure that MySQL is locked down with least permissions necessary.
>> At the very least after you've installed MySQL make sure to run the
>> secure-mysql-installation script to assign a password to the MySQL root
>> user and lock down some of the basic tables.
>>
>> Each system is different and you should follow the guidelines outlined
>> by the CMS to properly secure.  If you are not sure of what you are
>> deploying, that's kinda scary, you should be weary of that and tread
>> lightly.
> 
> thank you
> 
> I will deploy Wikka Wiki [0] - there are no explicit security settings
> or guidelines
> 
> How to harden Apache and PHP (without using SELinux)?

SELinux is the "best" hardening step available for securing RH based 
php/httpd/mysql stacks (IMHO) ... why are you taking it off the table ???

besides SELinux, you might want to look at php-suhosin:

http://www.hughesjr.com/content/view/21/1/

Thanks,
Johnny Hughes


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080212/6b0badde/attachment.sig>


More information about the CentOS mailing list