Apache security
1、Edit the /etc/apache2/apache2.conf configuration file:
Run apache under a dedicated user and group
User username
Group username
Disable directory listing, server-side includes and CGI support
Options -Indexes -Includes -ExecCGI
Hide server version information (two separate directives)
ServerTokens ProductOnly
ServerSignature Off
Stop apache from interpreting PHP in the file upload directory
<Directory /dir>
php_flag engine off
</Directory>
2、Change the owner of the application files:
groupadd username
useradd -d /dir -g username -s /usr/sbin/nologin username
chown -R username:username /dir
chmod -R 744 /dir
3、Install and enable the apache security modules (mod_security and mod_evasive):
apt-get install libapache2-mod-security2
a2enmod security2
apt-get install libapache2-mod-evasive
a2enmod evasive
/etc/init.d/apache2 force-reload
PHP security configuration
1、Edit the /etc/php5/apache2/php.ini file:
allow_url_fopen = Off
sql.safe_mode = On
expose_php = Off
cgi.fix_pathinfo = 0
disable_functions = ..., phpinfo, get_cfg_var, chroot, scandir, chgrp, chown, proc_open, error_log, ini_alter, ini_restore, dl, pfsockopen, syslog, readlink, symlink, popen
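As an added example (not part of the original checklist), a small POSIX shell audit that re-checks the apache2.conf directives from the Apache section above and the php.ini keys from this section on files you point it at. The file paths are arguments, and the sample contents and the "webapp" user name are constructed for the self-check at the bottom.

```shell
#!/bin/sh
# Added audit helper, not part of the original checklist: re-checks the
# hardening settings listed above against an existing apache2.conf and
# php.ini. File paths are arguments; the samples at the bottom are constructed.

# Print each missing or weak Apache setting; return 1 if any was found.
audit_apache_conf() {
    conf="$1"; rc=0
    for want in 'ServerTokens +ProductOnly' 'ServerSignature +Off' \
                'Options .*-Indexes' 'Options .*-Includes' 'Options .*-ExecCGI'; do
        grep -Eq "^[[:space:]]*$want" "$conf" || { echo "apache: missing '$want'"; rc=1; }
    done
    # The checklist wants a dedicated account, so "User root" is a finding.
    grep -Eq '^[[:space:]]*User[[:space:]]+root[[:space:]]*$' "$conf" && { echo "apache: runs as root"; rc=1; }
    return $rc
}

# Same for php.ini: each key must carry the hardened value from the list above.
audit_php_ini() {
    ini="$1"; rc=0
    for want in 'allow_url_fopen *= *Off' 'expose_php *= *Off' \
                'cgi.fix_pathinfo *= *0' 'disable_functions *=.*phpinfo'; do
        grep -Eiq "^[[:space:]]*$want" "$ini" || { echo "php: missing '$want'"; rc=1; }
    done
    return $rc
}

# Self-check on constructed samples (not real system files).
good=$(mktemp); bad=$(mktemp)
printf 'User webapp\nGroup webapp\nOptions -Indexes -Includes -ExecCGI\nServerTokens ProductOnly\nServerSignature Off\n' > "$good"
printf 'User root\nOptions Indexes FollowSymLinks\nServerTokens Full\n' > "$bad"
audit_apache_conf "$good" && echo "hardened sample: OK"
audit_apache_conf "$bad" || echo "default-style sample: findings above"
rm -f "$good" "$bad"
```

Run it as `audit_apache_conf /etc/apache2/apache2.conf; audit_php_ini /etc/php5/apache2/php.ini` after sourcing the file; a non-zero return means at least one setting from the checklist is absent.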
MySQL security configuration
1、Use a dedicated account to access the database:
>grant select,insert,update,delete on mydb.* to www-data@localhost identified by 'password';
>flush privileges;
2、Edit the configuration file /etc/mysql/my.cnf:
Disable remote network access (in the [mysqld] section)
skip-networking
3、Remove the ~/.mysql_history file:
rm ~/.mysql_history
ln -s /dev/null ~/.mysql_history
4、Remove anonymous and unused accounts:
>select * from mysql.user where user='';
>delete from mysql.user where user='***';
5、Back up the database regularly:
mysqldump -u root -p mydb > mydb_$(date +%Y_%m_%d).sql