Simon Jolle wrote:
> 2008/2/11, James A. Peltier <jpeltier at cs.sfu.ca>:
>> This is a very broad question to ask, however, I will appeal to the basics.
>>
>> 1) Use HTTPS whenever possible to avoid any passwords crossing the wire
>> in clear text.
>>
>> 2) Ensure only the necessary modules are installed or enabled for your
>> CMS to operate.
>>
>> 3) Always think least permissions necessary to perform the task
>>
>> 4) Ensure that MySQL is locked down with least permissions necessary.
>> At the very least after you've installed MySQL make sure to run the
>> secure-mysql-installation script to assign a password to the MySQL root
>> user and lock down some of the basic tables.
>>
>> Each system is different and you should follow the guidelines outlined
>> by the CMS to properly secure. If you are not sure of what you are
>> deploying, that's kinda scary, you should be wary of that and tread
>> lightly.
>
> thank you
>
> I will deploy Wikka Wiki [0] - there are no explicit security settings
> or guidelines
>
> How to harden Apache and PHP (without using SELinux)?

SELinux is the "best" hardening step available for securing RH based
php/httpd/mysql stacks (IMHO) ... why are you taking it off the table ???

besides SELinux, you might want to look at php-suhosin:

http://www.hughesjr.com/content/view/21/1/

Thanks,
Johnny Hughes