Archive for March, 2008

Security Enhancement for Apache, PHP and MySQL

By PhDs,  (© Copyright reserved), March 20, 2008 at 7:12 am · Category: Linux Admin

No GoodNeed ImprovementOKGoodExcellent (No Ratings Yet)
Loading ... Loading ...

1, Prevent DOS Attacks

download and install mod_evasive: http://www.zdziarski.com/projects/mod_evasive/

2, Limit MySQL Network Access

edit /etc/my.cnf to add the following line:

skip-networking

bind-address = 127.0.0.1

3, change MySQL root user’s password:

mysql mysql -u root

UPDATE user SET Password=PASSWORD(’xxx’) WHERE user=’root’;
flush privileges

4, Disable PHP functions:

edit etc/php.ini add the following line

disable_functions = show_source, system, shell_exec, passthru, phpinfo, proc_open, proc_nice

make sure the following parameters are set correctly:

register_globals = Off
allow_url_fopen = Off
allow_url_include = Off
display_errors = Off
log_errors = On

Ref: http://www.conftool.net/en/technical_documentation/security_hints.html

Popularity: 1%

Comments

Web security: Find out who was trying to break into your web sites

By PhDs,  (© Copyright reserved), March 19, 2008 at 8:59 am · Category: Linux Admin

No GoodNeed ImprovementOKGoodExcellent (No Ratings Yet)
Loading ... Loading ...

Use the following shell script to send you an email (use cron job)

#!/bin/sh
#TODAY=$(date)
#echo $TODAY

Year=`date +”%C%y”`
Month=`date +”%b”`
Day=`date +”%d”`

cat /var/log/httpd/*.log* |grep “login”|grep $Day/$Month/$Year>login.log
mail xxx@gmail.com -s “apache login attempts” <login.log

Popularity: 1%

Comments

Performance Tuning of Apache and PHP

By PhDs,  (© Copyright reserved), March 18, 2008 at 10:24 pm · Category: Linux Admin

No GoodNeed ImprovementOKGoodExcellent (2 votes, average: 4 out of 5)
Loading ... Loading ...

1, Tuning Apache:

1.1 Edit httpd.conf, Configuration of the prefork MPM

StartServers 50

MinSpareServers 15

MaxSpareServers 30

MaxClients 225

MaxRequestsPerChild 4000

1.2, Make sure KeepAlive is on

KeepAlive On

2, Tuning PHP:

2.1 Install eAccelerator

see http://www.my-whiteboard.com/linux-admin/how-to-install-eaccelerator-for-php-on-centos-and-redhat.html for details, commands:

wget http://downloads.sourceforge.net/eaccelerator/eaccelerator-0.9.5.2.zip?modtime=1188830343&big_mirror=0

unzip eaccelerator-0.9.5.2.zip

cd eaccelerator-0.9.5.2.zip

phpize

./configure –enable-mmcache=shared –with-php-config=/usr/bin/php-config

make; make install

cp eaccelerator.ini /etc/php.d/.

2.2. Edit /etc/php.d/eaccelerator.ini,

vi /etc/php.d/eaccelerator.ini

extension="eaccelerator.so"

;zend_extension="/usr/lib/php4/eaccelerator.so"

eaccelerator.shm_size=”64″

eaccelerator.shm_ttl = “60″

2.3. Make sure /etc/sysctl.conf has enough maximum shared memory size.

kernel.shmmax = 4294967295

2.4. Run sysctl -p

sysctl -p

2.5. Edit php.ini (/etc/php.ini)

max_execution_time= 30

max_input_time = 60

memory_limit = 32M

output_buffering = 4096

3. Restart apache:

apachectl restart

Popularity: 1%

Comments

« Previous Next »

Featured Posts

Remove CiD Help popup adware and malware by adserverplus from your Windows computer



Popular

Recent

Top Rated