Apache Security – Necessary Settings
PHP is powerful, and allows static html pages to become dynamic. It also allows information to translate into commands and functions. Because of this you should implement a variety of security features. The biggest security feature, which increases security of the host machine, is setting the basedir parameter. This locks PHP functions to a particular directory, not allowing them to run processes or effect files further down the tree. Use nano and the cntrl-w function to search for “open_basedir” in /etc/php5/apache/php.ini. It will most likely be commented with a # sign. Remove the # sign and add the document root of your website. If you virtualhost, you can add the root of all documents served.
Also turn off several other parementers.
allow_url_fopen
allow_url_include
display_errors
register_globals
safe_mode
Also turn off the Magic Quotes options in php.ini. In /etc/apache2/apache2.conf turn off the signature option. Search for “ServerSignature”. There is an apache modules that should be iplemented; mod security; I’ll save it for the next post.
Project Honey Pot – Real Time Spam Traps »« Cable Internet – Isolate the Problem
The mount terminal command allows you to actually mount a physical, or logical volume. To mount something you would add a variety of options, and specify what partition or drive you want to add. If you do not specify any options you will be provided with a list of all mounted partitions, and drives: 