03-28-2009, 05:18 PM
IrPr
Quote:
Originally Posted by grniyce View Post
IrPr, you stated PHP in parallel with webserver/mod_security. If the above is true, would I be meeting that goal?
For PHP there are some security measures in the CSF Server Security Check, such as open_basedir, disable_functions, and enable_dl.

What mod_security rules are you using? You can find some up-to-date rules at http://www.gotroot.com/tiki-index.ph...security+rules

Mod_security audit_log has also been implemented in LSWS 4.0; you can set your audit_log path in CSF and check the security logs there, which is very user-friendly, or set LFD rules in your CSF configuration to block attackers automatically.

Quote:
Originally Posted by grniyce View Post
Also... you stated the malicious functions. Can you explain to me which ones I should apply, and whether they go in php.ini as disable_functions=blah, blah, blah?
Yes, using the disable_functions directive in php.ini.

I disabled these functions on my shared servers:
Code:
fpassthru,crack_check,crack_closedict,crack_getlastmessage,crack_opendict,psockopen,php_ini_scanned_files,shell_exec,system,dl,ctrl_dir,phpini,tmp,safe_mode,systemroot,server_software,get_current_user,HTTP_HOST,php_uname,ini_restore,popen,pclose,exec,suExec,passthru,proc_open,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,escapeshellcmd,escapeshellarg,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_setegid,posix_seteuid,posix_setgid,posix_times,posix_ttyname,posix_uname,posix_access,posix_get_last_error,posix_mknod,posix_strerror,posix_initgroups
Various functions are disabled, but it kills all of the PHP shells/exploits and all of my scripts are working as well; you may remove some functions if it breaks your scripts.

You can disable the POSIX functions in the PHP configure script using '--disable-posix' too.
Quote:
Originally Posted by grniyce View Post
I do have open_basedir turned off in WHM.
Turned off? You mean open_basedir protection has been enabled in WHM -> Security Center -> Tweak PHP open_basedir Security?

Quote:
Originally Posted by grniyce View Post
Safe_mode gives some errors with the bulletin boards that I run, as does suhosin.
You can turn safe_mode on globally and turn it off individually for each VH using the php_admin_value safe_mode 0 directive in the VirtualHost section of httpd.conf.

For suhosin I use these values in php.ini:
Code:
[suhosin]
extension=suhosin.so
suhosin.post.max_vars = 1024
suhosin.request.max_vars = 1024
suhosin.get.max_value_length = 1024
Quote:
Originally Posted by grniyce View Post
Any other suggestions?
We know LiteSpeed is awesome in performance, but there are a lot of security features in LSWS too!

To increase your CGI security you may re-install LSWS with chroot enabled, but it may break some scripts; however, it's working like a charm for me.

Also you can secure your server against DDoS attacks; check this out: http://www.litespeedtech.com/library/howto/#qa_dos

I suggest you restrict your SSH and WHM daemons only to your own IP addresses if they are static, or to your range if dynamic, in WHM -> Security Center -> Host Access Control.
If you allow your own IP addresses and DENY ALL, no one can access your server even with the root password!

Also upgrade to MySQL 5 if you are on MySQL 4; there are vulnerabilities in MySQL 4 with which an attacker can bypass open_basedir and access files outside its home, and there is a lot of performance in MySQL 5 too.

Now you may upload some PHP shells and make sure they are fully killed.
Common PHP shells are available here: www[dot]shellci[dot]biz

Good luck

Last edited by IrPr; 03-28-2009 at 06:24 PM..
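An added example (not part of IrPr's post) that audits a php.ini disable_functions line offline before it goes live: it flags entries that cannot be function names (an entry such as a misspelled name disables nothing), duplicates, and any of a minimum set of command-execution functions that is missing. The REQUIRED set and the sample ini fragment are this example's own constructions.

```python
import re

# Minimum set of command-execution functions a shared host's disable_functions
# should cover (this example's own choice, not a list from the forum post).
REQUIRED = {"exec", "shell_exec", "system", "passthru", "popen",
            "proc_open", "pcntl_exec"}

# A PHP function identifier: letters, digits and underscores only.
IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def parse_disable_functions(ini_text):
    """Return the names listed in the disable_functions directive of php.ini text."""
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # strip php.ini comments
        if line.lower().startswith("disable_functions"):
            _, _, value = line.partition("=")
            value = value.strip().strip('"')         # tolerate a quoted value
            return [n.strip() for n in value.split(",") if n.strip()]
    return []


def audit_disable_functions(ini_text):
    """Report invalid identifiers, duplicates and missing required functions."""
    names = parse_disable_functions(ini_text)
    seen, duplicates = set(), set()
    for n in names:
        key = n.lower()
        if key in seen:
            duplicates.add(key)
        seen.add(key)
    return {
        "count": len(names),
        # Entries that cannot be function names disable nothing at all.
        "invalid": sorted(n for n in names if not IDENT.match(n)),
        "duplicates": sorted(duplicates),
        "missing": sorted(REQUIRED - seen),
    }


# Constructed php.ini fragment; it reproduces the kind of typo seen in the post.
SAMPLE_INI = """; constructed sample, not a real server's php.ini
disable_functions = hell-exec,system,dl,exec,shell_exec,passthru,proc_open,popen,posix_kill,exec
"""

if __name__ == "__main__":
    for key, value in audit_disable_functions(SAMPLE_INI).items():
        print(f"{key}: {value}")
```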