More Security for bin Files & Apche & php.ini

0
1647

STEP 1 – APACHE

You need to rebuild apache, and in one of the apache steps you need to chose the “File Security” this addon will chmod the directories as we will see in the configuration of the other steps.
Then after doing this go to Apache Config in cpanel and uncheck this to

Code:
pico /usr/local/apache/conf/httpd.conf
  • ExecCGI
  • FollowSymLinks

STEP 2 – CHMOD’ING
Now Enter into your VPS thru Filezilla, or whatever software you feel comfortable to chmod some files.
CHMOD THIS FILES AS EXPLAINED BELOW.

Code:
chmod 0700 /bin/ln
chmod 0700 /bin/cat
chmod 0700 /bin/pwd
chmod 0700 /bin/kill
chmod 0644 /bin/umount
chmod 0700 /bin/doexec
chmod 0700 /bin/link
chmod 0700 /bin/chmod
chmod 0700 /bin/netstat
chmod 0500 /bin/ps
chmod 0700 /bin/df
chmod 0700 /usr/bin/lynx
chmod 0700 /usr/bin/gcc
chmod 0700 /usr/bin/nc
chmod 0700 /usr/bin/wget
chmod 0700 /usr/bin/scp
chmod 0700 /usr/bin/cvs
chmod 0700 /usr/bin/telnet
chmod 0700 /usr/bin/symlinks
chmod 0700 /usr/bin/tail
chmod 0700 /usr/bin/tailf
chmod 0700 /usr/bin/du

STEP 3 – PHP.INI
Now its time to add some security to the PHP.INI
go to the folder where the php.ini is located open it with a notepad++
And do the following:

Code:
 			 				pico /usr/local/lib/php.ini

Serch about this safe_mode_gid by Ctrl + W
Change it to :

Code:
safe_mode_gid = On
safe_mode_exec_dir = “/nonexec”

Add this

Code:
open_basedir = "/home/:/home3/:/usr/lib/php:/usr/local/lib/:/tmp:/usr/local/Zend/etc/"

(Now depends on where your home directory is change it as you need it)
4.
Also this with php.ini
Serch about disable_functions
Add this functions

Code:
disable_functions = "disk_total_space, diskfreespace, apache_note, apache_setenv, closelog, debugger_off, debugger_on, define_syslog_variables, escapeshellarg, escapeshellcmd, ini_restore, openlog, passthru, pclose, pcntl_exec, popen, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, url_exec, base64_encodem, phpinfo, readlink, eval, root, symlink"

STEP 4 – httpd.conf
Now we need to go to httpd.conf (the file is located on apache folder)
And edit it, and find “AllowOverride” and Replace it with “AllowOverride AuthConfig FileInfo Indexes Limit Options=Includes,Indexes,MultiViews

And if you wana increase your security more, just chmod the home directory to 751 or 711.

Leave A Reply

Please enter your comment!
Please enter your name here