Mike napsal(a):
> Some suggestions:
> (Already mentioned) Keep php scripts up to date! This is paramount
> (Already mentioned) mount /tmp on loop with noexec
> (Already mentioned) php.ini: allow_url_fopen = off
> (Already mentioned) Learn how to use mod_security effectively
> (Already mentioned) Block outbound tcp/80 with iptables/etc
> (Already mentioned) SELinux can provide more fine grain control over
> - "who" can do "what"
> (Already mentioned) Use UNIX permissions to restrict access to
> - wget/curl/ncftp/lynx/etc
>
> Additional:
> php.ini: disable_functions = system,exec,passthru,shell_exec,pcntl_exec
>
For php 4.x I would add also safe_mode=On.
sed -i 's/safe_mode = Off/safe_mode = On/' /etc/php.ini
David Hrbáč
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
