Security



Broom icon32.png This is a draft article (or section) and is a work-in-progress.
Please help us and our readers by clicking the edit link above and expanding/improving this text.


Tips on better security

This is not a complete hardening guide, but it is a step in the right direction. Follow these steps after SiT! has been successfully installed.

Secure SiT!

Start by securing the SiT! folder: change the owner and group of all its files to the user the web server runs as. That user has different names on different Linux distributions, but you can always look in the user database for who has user id 80. Some common names are listed here:

  • www-data
  • apache
  • www
  • web

To change the owner of the SiT! folder, run the following as root from the shell on a *nix system:

chown www:www /path/to/sit

After this, remove all unnecessary permissions: give the apache user and group read-only permissions on all files and folders in the SiT! directory, and remove all access for "other" (the anonymous user, or "everyone" as some call it). Only one folder needs to be writeable, and that is the attachments folder.

chmod -R o-rwx /path/to/sit
chmod -R g-wx /path/to/sit
chmod -R u-w /path/to/sit
chmod -R u+w /path/to/sit/attachments*

  • The first line removes all access (read, write and execute) from the anonymous user "other", on all SiT! files and folders recursively
  • The second line removes write and execute access from the group, on all SiT! files and folders recursively
  • The third line removes write access from the owner, on all SiT! files and folders recursively
  • The fourth line adds write permissions for the owner on SiT!'s attachments files and folders recursively

As a last step, you could remove the executable permission from all files. The easiest way is to remove execute rights from everything in the SiT! folder and then add them back on all folders only, since you need execute rights on a directory in order to change into it.
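The chown/chmod steps above, collected into one script together with an audit that checks the result. This is an added example, not code from the SiT! wiki or project: the web-server account name (WEB_USER, defaulting to www-data), the install path and the small sample tree built under a temporary directory are assumptions made here so the script runs offline; chown is only attempted when running as root and the account exists.

```shell
#!/bin/sh
# Added example (not from the SiT! wiki): apply the read-only layout described
# above to a SiT! tree, then audit it. WEB_USER is an assumed account name.

WEB_USER="${WEB_USER:-www-data}"

harden_sit_tree() {
    dir="$1"
    # Hand the tree to the web-server account; needs root and an existing user.
    if [ "$(id -u)" -eq 0 ] && id "$WEB_USER" >/dev/null 2>&1; then
        chown -R "$WEB_USER:$WEB_USER" "$dir"
    fi
    chmod -R o-rwx "$dir"              # other: no access at all
    chmod -R g-wx "$dir"               # group: read only
    chmod -R u-w "$dir"                # owner: read only ...
    chmod -R u+w "$dir/attachments"    # ... except the attachments tree
    # Drop the execute bit from every file, then restore it on directories
    # only, since traversing a directory requires execute on it.
    find "$dir" -type f -exec chmod a-x '{}' +
    find "$dir" -type d -exec chmod u+x '{}' +
}

# Prints the number of entries that violate the layout; 0 means clean.
# Uses GNU find's "-perm /mode" (any of the bits set).
audit_sit_tree() {
    dir="$1"
    bad=0
    # anything still reachable by "other"
    bad=$((bad + $(find "$dir" -perm /007 | wc -l)))
    # group write or execute anywhere
    bad=$((bad + $(find "$dir" -perm /030 | wc -l)))
    # owner-writable entries outside the attachments tree
    bad=$((bad + $(find "$dir" -path "$dir/attachments" -prune -o -perm -200 -print | wc -l)))
    # executable regular files (PHP is interpreted by the web server, never executed)
    bad=$((bad + $(find "$dir" -type f -perm /111 | wc -l)))
    echo "$bad"
}

# Constructed sample SiT! layout in a temporary directory, starting from the
# worst case (everything mode 777), so the demo does not need a real install.
make_sample_tree() {
    root="$(mktemp -d)"
    mkdir -p "$root/attachments/2024" "$root/lib"
    echo '<?php' > "$root/index.php"
    echo '<?php' > "$root/lib/functions.inc.php"
    echo 'upload' > "$root/attachments/2024/upload.txt"
    chmod -R 777 "$root"
    echo "$root"
}

# Demo run on the constructed tree; on a real install pass /path/to/sit instead.
SIT_ROOT="$(make_sample_tree)"
echo "violations before hardening: $(audit_sit_tree "$SIT_ROOT")"
harden_sit_tree "$SIT_ROOT"
echo "violations after hardening:  $(audit_sit_tree "$SIT_ROOT")"
chmod -R u+rwx "$SIT_ROOT" && rm -rf "$SIT_ROOT"   # clean up the demo tree
```

Run the audit function on its own after every upgrade of SiT!, since unpacking a new release usually brings back world-readable or executable files.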

Securing the host

  • The host should be secured by a firewall so that only minimal access to it is possible; whatever port the web server uses (usually port 80) should be open and accessible to the users.
  • The host (especially Windows) should have (but not limited to) antivirus, antimalware and antispyware running, protecting the system at all times.
  • The host should be updated as often as possible with (but not limited to) security updates and fixes.
  • Limit system access: keep the number of users who can access the server's console/terminal to a minimum.
  • Use strong passwords for those users, including root. Strong passwords are considered to be a minimum of 8 characters long and to contain (but not limited to) mixed lowercase and uppercase characters, numbers and symbols.
  • If there is remote access to the server, this access should be limited to only the required hosts.
  • Any other kind of remote admin system/application access should be restricted as much as possible, limiting the number of users and hosts.
  • Make a backup of your system as often as is required, depending on how much data you can afford to lose, and make sure you have a restore plan.

Securing the MySQL server

The database user only requires the following permissions on the SiT database:

Data

  • SELECT
  • INSERT
  • UPDATE
  • DELETE

Structure

  • CREATE
  • INDEX
  • DROP
  • ALTER
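A script that emits the GRANT statement for exactly that privilege set, and a check that reads a line of SHOW GRANTS output and reports anything outside it (extra privileges, WITH GRANT OPTION, or a database-level privilege granted on *.*). This is an added example, not code from the SiT! wiki or project; the database name "sit", account "sit"@"localhost" and the placeholder password are assumptions, and the two SHOW GRANTS lines at the bottom are constructed samples.

```shell
#!/bin/sh
# Added example (not from the SiT! wiki): least-privilege MySQL account for SiT!
# and an audit of SHOW GRANTS output against the privilege list above.

SIT_PRIVS="SELECT,INSERT,UPDATE,DELETE,CREATE,INDEX,DROP,ALTER"

# Print the SQL that creates the account and grants only SIT_PRIVS on the SiT!
# schema: nothing global, no FILE, SUPER or GRANT OPTION. Pipe into the mysql
# client as an administrative user. (Password on the command line is for the
# demo only; on a real host read it from a protected file instead.)
sit_grant_sql() {
    db="$1"; user="$2"; host="$3"; password="$4"
    cat <<EOF
CREATE USER '$user'@'$host' IDENTIFIED BY '$password';
GRANT $SIT_PRIVS ON \`$db\`.* TO '$user'@'$host';
FLUSH PRIVILEGES;
EOF
}

# Take one line of SHOW GRANTS output and print, ';'-separated, everything that
# exceeds the allowed set. Empty output means the line is within the set.
# USAGE is accepted because MySQL always lists "GRANT USAGE ON *.*" for an account.
excess_privs() {
    line="$1"
    granted="$(printf '%s\n' "$line" | sed -n 's/^GRANT \(.*\) ON .*/\1/p')"
    out=""
    old_ifs="$IFS"; IFS=','
    for p in $granted; do
        p="$(printf '%s' "$p" | sed 's/^ *//; s/ *$//')"
        case ",USAGE,$SIT_PRIVS," in
            *",$p,"*) ;;                    # allowed privilege
            *) out="$out$p;" ;;             # anything else is excess
        esac
    done
    IFS="$old_ifs"
    # the ability to hand privileges on is never needed by the application
    case "$line" in *"WITH GRANT OPTION"*) out="${out}GRANT OPTION;" ;; esac
    # real privileges must be scoped to the SiT! schema, not to *.*
    case "$line" in
        *" ON *.* TO "*) [ "$granted" = "USAGE" ] || out="${out}GLOBAL SCOPE;" ;;
    esac
    printf '%s\n' "$out"
}

# Demo: the SQL to run, then two constructed SHOW GRANTS lines audited.
sit_grant_sql sit sit localhost 'change-me'
GOOD="GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX, DROP, ALTER ON \`sit\`.* TO 'sit'@'localhost'"
BAD="GRANT ALL PRIVILEGES ON *.* TO 'sit'@'localhost' WITH GRANT OPTION"
echo "good grant excess: [$(excess_privs "$GOOD")]"
echo "bad grant excess:  [$(excess_privs "$BAD")]"
```

To audit a live server, feed each line of `SHOW GRANTS FOR 'sit'@'localhost'` to excess_privs; any non-empty result is a privilege the application does not need and that an injection or a leaked configuration file could abuse.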

Disclaimer

The information given is an overall guide and might not suit your business/installation. We cannot be held responsible if you in any way lose data or crash your system using this information.
