I'm setting up a new CentOS 4.4 server to work with Fruity (a frontend program that operates Nagios). For security purposes, what chmod and chown settings do you put on the /var/www/html folders?
Also, can anyone recommend any good LAMP hardening guides? While I'm not planning on putting this into production, I'd like to cover all my bases before that's an issue.
I can't answer all your questions, but I can answer a little.
Ideally your should have everything from the html dir on down owned by root (or the account of whoever is going to be maintaining the html pages), but with a group of www.
The permissions for everything should have the group and others lacking write permission to anything (even if you're using a db). There's no reason apache or anything else needs write permission to those directories unless you're planning to use webdav for publishing your pages.
Geoff
Sent from my BlackBerry wireless handheld.
-----Original Message----- From: "Rogelio Bastardo" scubacuda@gmail.com
Date: Sun, 23 Sep 2007 10:13:46 To:"CentOS mailing list" centos@centos.org Subject: [CentOS] chmod / chown settings on /var/www/html
I'm setting up a new CentOS 4.4 server to work with Fruity (a frontend program that operates Nagios). For security purposes, what chmod and chown settings do you put on the /var/www/html folders? Also, can anyone recommend any good LAMP hardening guides? While I'm not planning on putting this into production, I'd like to cover all my bases before that's an issue. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
gjgowey@tmo.blackberry.net -
Rogelio Bastardo