[Guide] DirectAdmin server security: Section III - Install suPHP security DirectAdmin

In the previous tutorial, we install mod_security to enhance security for web servers. However mod_security can not filter everything. This article will address the need to install suPHP, and 1 Some system configurations.

Section III - Install suPHP security DirectAdmin

1. Installing suPHP

Note: suPHP does not allow use php_flag and php_value in htaccess file. So these websites use this set may be faulty 500 Web access. We'll check the site using this setup and removal (comment) them before installing suPHP

find /home/*/domains/*/public_html -name “.htaccess” | xargs grep “php_”

Install suPHP

cd /usr/local/directadmin/custombuild
./build update
./build clean
./build set php5_cgi yes
./build set php5_cli no
./build all d
./build rewrite_confs
./build secure_php

Now we're going to share books 1 số file thực thi (binaries) to prevent unauthorized access. This is very encouraging in a shared hosting environment:

chmod 700 /usr/bin/c
chmod 700 /usr/bin/g
chmod 700 /usr/bin/gcc
chgrp apache /usr/bin/lynx; chmod 705 /usr/bin/lynx
chgrp apache /usr/local/bin/curl; chmod 705 /usr/local/bin/curl
chgrp apache /usr/bin/curl; chmod 705 /usr/bin/curl
chgrp apache /usr/bin/wget; chmod 705 /usr/bin/wget
chmod 700 /bin/uname
chmod 700 /usr/bin/python

You can mount / tmp as noexec to prevent the script is run from it:

Note: If your server has shared / home partition, you can mount / home with noexec for more security for your server.

mount -t tmpfs -o noexec,nosuid tmpfs /tmp/
cp /etc/fstab /etc/fstab.backup
echo “tmpfs /tmp tmpfs noexec,nosuid 0 0” >> /etc/fstab
rm -rf /var/tmp
ln -s /tmp /var/tmp

Now your DirectAdmin server has really improved in terms of security! In the next tutorial, we're going to address one of the possible ways to ensure that e-mail on your server.

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

[Guide] DirectAdmin server security: Section III - Install suPHP security DirectAdmin, 5.0 out of 5 based on 1 rating