-
Create a dedicated backup user with read-only permissions
-
GRANT SHOW DATABASES, SELECT, LOCK TABLES, RELOAD ON *.* TO backup@localhost IDENTIFIED BY 'password';
-
FLUSH PRIVILEGES;
-
-
It's also possible with a .htaccess file containing "deny from all".
-
-
perl -le 'print crypt("password", "salt")'
-
-
-
-
/etc/apache2/apache2.conf
-
> ServerTokens Prod
-
> ServerSignature Off
-
/etc/php5/apache2/php.ini
-
> expose_php = Off
-
-
Most vulnerability scanners will complain about the TRACE method being enabled on the web server under test. This tip disables it and returns a 403 FORBIDDEN error to the client (Apache versions newer than 1.3.34 for the legacy branch, and 2.0.55 for apache2).
This directive needs to be added to the main server config; the default is enabled (on): TraceEnable Off
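An added example (not from the original page): a small Python check that reads Apache and php.ini text and reports where the effective value differs from the four settings shown above. The function names, the sample configuration text and the last-line-wins handling (no Include or per-VirtualHost scoping) are assumptions made for the illustration.

```python
import re

# Values recommended by the snippets above (compared case-insensitively).
EXPECTED = {
    "apache": {"servertokens": "prod", "serversignature": "off", "traceenable": "off"},
    "php": {"expose_php": "off"},
}
# Stock defaults that apply when a directive is missing from the file.
DEFAULTS = {
    "apache": {"servertokens": "full", "serversignature": "off", "traceenable": "on"},
    "php": {"expose_php": "on"},
}
PHP_BOOL = {"0": "off", "false": "off", "no": "off", "none": "off",
            "1": "on", "true": "on", "yes": "on"}
# "Name value" (Apache) or "name = value" (php.ini); comment lines never match.
DIRECTIVE = re.compile(r'([A-Za-z_]+)\s*=?\s*"?([A-Za-z0-9]+)')

def effective_settings(text, kind):
    """Return the effective value of each audited directive; the last line wins."""
    found = dict(DEFAULTS[kind])
    for raw in text.splitlines():
        m = DIRECTIVE.match(raw.strip())
        if m and m.group(1).lower() in found:
            value = m.group(2).lower()
            found[m.group(1).lower()] = PHP_BOOL.get(value, value) if kind == "php" else value
    return found

def audit(text, kind):
    """Return sorted (directive, effective, expected) tuples for each deviation."""
    actual = effective_settings(text, kind)
    return sorted((k, actual[k], want)
                  for k, want in EXPECTED[kind].items() if actual[k] != want)

# Constructed sample input, not taken from a real server.
SAMPLE_APACHE = "ServerTokens OS\n#TraceEnable Off\nServerSignature On\nServerTokens Prod\n"
SAMPLE_PHP = "; constructed sample\nexpose_php = 1\n"

if __name__ == "__main__":
    for kind, text in (("apache", SAMPLE_APACHE), ("php", SAMPLE_PHP)):
        for name, got, want in audit(text, kind):
            print(f"{kind}: {name} is {got!r}, expected {want!r}")
```

In the constructed Apache sample the commented-out TraceEnable line is ignored, so the default (on) is reported as a deviation.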
-
For example, this lets visitors upload files to a directory. If you don't want them to be able to upload a PHP file and execute it, you may want to prevent PHP execution in that directory.
-
# add the following configuration to your VirtualHost
-
<Location /upload/>
-
AddType text/plain .php .php4 .php5 .phtml .py .pl .cgi .rb
-
</Location>
-
-
Prevent flooding
Switch# conf t
Switch1(config)# interface ethernet 0/4
Switch1(config-if)# port secure max-mac-count 100