Simon Jolle "sjolle"
2008-Feb-11 20:29 UTC
[CentOS] securing web applications (Wiki CMS installation)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi CentOS Users

How to secure a Wiki CMS? This Wiki is based on Apache2, MySQL and PHP.
I can't read the code (lack of knowledge).

Would be glad about hints and URLs

cheers
Simon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHsLAaEMN/lNE/wrwRAlqBAJ91UQgileOWgtjwqzxwfo2j6v2+yQCfb8tL
eGkCnAkZ8lehGzUitDov6Iw=s2ox
-----END PGP SIGNATURE-----

James A. Peltier
2008-Feb-11 21:25 UTC
[CentOS] securing web applications (Wiki CMS installation)
Simon Jolle "sjolle" wrote:
> Hi CentOS Users
>
> How to secure a Wiki CMS? This Wiki is based on Apache2, MySQL and PHP.
> I can't read the code (lack of knowledge).
>
> Would be glad about hints and URLs
>
> cheers
> Simon

This is a very broad question to ask, however, I will appeal to the basics.

1) Use HTTPS whenever possible to avoid any passwords crossing the wire in clear text.
2) Ensure only the necessary modules are installed or enabled for your CMS to operate.
3) Always think least permissions necessary to perform the task.
4) Ensure that MySQL is locked down with least permissions necessary. At the very least after you've installed MySQL make sure to run the secure-mysql-installation script to assign a password to the MySQL root user and lock down some of the basic tables.

Each system is different and you should follow the guidelines outlined by the CMS to properly secure. If you are not sure of what you are deploying, that's kinda scary, you should be wary of that and tread lightly.

-- 
James A. Peltier
Technical Director, RHCE
SCIRF | GrUVi @ Simon Fraser University - Burnaby Campus
Phone   : 778-782-3610
Fax     : 778-782-3045
Mobile  : 778-840-6434
E-Mail  : jpeltier at cs.sfu.ca
Website : http://gruvi.cs.sfu.ca | http://scirf.cs.sfu.ca
MSN     : subatomic_spam at hotmail.com
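
Point 3 of the reply above (least permissions) can be checked mechanically on the wiki's files without reading the PHP code. The function below is an added example, not part of the thread; the docroot path, the `apache` account name and the `uploads` directory in the usage comment are assumptions to replace with the values of the actual installation.

```shell
#!/bin/sh
# Added example: least-permission audit of a wiki document root.
# Assumed values, not from the thread: the docroot path, the web server
# account name and the single directory the wiki may write to.
#
# Usage: audit_docroot DOCROOT WEB_USER WRITABLE_SUBDIR
#   e.g. audit_docroot /var/www/html/wiki apache uploads
# Prints one finding per line. Returns 0 if clean, 1 if anything was found.
# Pass DOCROOT without a trailing slash.
audit_docroot() {
    docroot=$1
    web_user=$2
    writable=$3

    # 1. World-writable entries: any local account could alter them.
    #    Symlinks are skipped because their mode bits are meaningless.
    # 2. setuid/setgid files: never needed in a PHP application tree.
    # 3. Entries owned by the web server account outside the writable
    #    directory: a compromised PHP script could rewrite that code.
    findings=$(
        find "$docroot" ! -type l -perm -0002 -print |
            sed 's/^/WORLD-WRITABLE /'
        find "$docroot" -type f \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/SETID /'
        find "$docroot" -path "$docroot/$writable" -prune -o \
            -user "$web_user" -print |
            sed 's/^/WEB-OWNED /'
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

A clean result means application code is owned by an account other than the web server's and is not writable by others, so the wiki can only modify its own upload directory.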