Johnny Hughes wrote:
Simon Jolle wrote:
2008/2/11, James A. Peltier <jpeltier@xxxxxxxxx>:
This is a very broad question to ask, however, I will appeal to the
basics.
1) Use HTTPS whenever possible to avoid any passwords crossing the wire
in clear text.
2) Ensure only the necessary modules are installed or enabled for your
CMS to operate.
3) Always think least permissions necessary to perform the task
4) Ensure that MySQL is locked down with least permissions necessary.
At the very least after you've installed MySQL make sure to run the
secure-mysql-installation script to assign a password to the MySQL root
user and lock down some of the basic tables.
Each system is different and you should follow the guidelines outlined
by the CMS to properly secure. If you are not sure of what you are
deploying, that's kinda scary, you should be weary of that and tread
lightly.
thank you
I will deploy Wikka Wiki [0] - there are no explicit security settings
or guidelines
How to harden Apache and PHP (without using SELinux)?
SELinux is the "best" hardening step available for securing RH based
php/httpd/mysql stacks (IMHO) ... why are you taking it off the table ???
Let me try:
- because it's too much? complexity is the ennemy of security. lack of
adequate documentation is the ennemy of usability. I couldn't find
simple directions on how to make a service work correctly in presence of
selinux (except disabling it). all docs I've seen place the discussion
in a meta-world and require spending time understanding terminology and
concepts that I am not sure to find useful.
- because it doesn't secure apache/php. it secures the system against
apache (to some extenst) but doesn't help securing apache itself.
besides SELinux, you might want to look at php-suhosin:
http://www.hughesjr.com/content/view/21/1/
It would be nice if RH included this by default...
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
