Hello, I have a question pertaining to Apache virtual hosts.
I am currently running a 4-year-old server (Fedora Core 4) hosting about 80 websites configured as Apache 2 virtual hosts and running PHP. (This server also runs BIND, Sendmail, and a CGI webmail program.) I have a brand-new server that I want to migrate these sites to, and I am trying to learn the best way to secure it. Currently I'm using PHP safe_mode (which is deprecated in the newest versions of PHP), but not much else, and I'm not happy with this setup.
I have read a ton of documentation about suEXEC and suPHP, and as far as I can tell, they are very similar in their function.
To test various options, I have done a CentOS 5 install on my new server, with Virtualmin and its default modules installed using the Virtualmin installer script. It automatically installed and configured Apache with suEXEC enabled for the /home directory. I have tested it and this works great: users' PHP scripts are run with their own user credentials instead of as the 'apache' user. So far, this is as it should be.
However, I'm seeking to add more security because I don't like the idea of my hosting users being able to read /etc/passwd or list all the mail files in /var/spool/mail. Also, I have no idea what files in /etc (or any other directories) could possibly contain passwords or other sensitive information, so I'd rather err on the side of caution by blocking access to any unnecessary directories and files.
In my tests, I created a PHP file on one virtual host which simply takes an input and exec()s it. I could exec such things as 'cat /etc/passwd' and 'ls /var/spool/mail' and see the entire output, because these files/directories have world-readable permissions. However, I could not execute commands such as 'cat /etc/shadow', since that file is not world-readable.
My real question is this: what files/directories can I remove world-readable permissions from without breaking the OS? Apache apparently requires world-readable permission on /etc, because it stopped serving pages when I removed this permission.
I just don't feel comfortable with users being able to see *everyone's* username and get a list of everyone's email addresses by looking in /var/spool/mail. I'm sure there are other files which users shouldn't see as well; I'm just not sure where they are.
So the real question is:
If you wanted to secure such a server, which directories and files could be set as non-world-readable without compromising system stability?
Or is there a better way?
Thank you very much for any information!
Krasl
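The audit step the post is asking about, as an added example that is not part of the original post: before stripping o+r from anything under /etc or /var/spool/mail, list exactly which entries in a tree are world-readable, and only then remove the "other" bits from a sub-tree you have decided does not need them. The script is POSIX sh, uses only find and chmod, and runs against a constructed sandbox tree (the passwd, shadow and mailbox files in it are fake, and their modes are set to mirror the pattern the post describes: passwd 644, shadow unreadable, mailboxes 600 in a listable spool directory). The sandbox paths and contents are assumptions for the demo; nothing under the real /etc is touched.

```shell
#!/bin/sh
# Added example: audit a directory tree for world-readable entries, then
# strip the "other" bits from a chosen sub-tree. Not code from the original
# post; the sandbox built by make_sandbox is constructed for the demo.

# list_world_readable DIR
#   Print every regular file or directory under DIR whose "other" bits
#   include read (mode & 0004), as paths relative to DIR, sorted in the C
#   locale so the output is stable. A world-readable directory means anyone
#   can list names in it (the /var/spool/mail case in the post), even when
#   the files inside are themselves mode 600.
list_world_readable() {
    ( cd "$1" && LC_ALL=C find . \( -type f -o -type d \) -perm -004 | LC_ALL=C sort )
}

# strip_world_bits DIR
#   Remove read/write/execute for "other" on every entry under DIR that is
#   currently world-readable, printing each path changed. This is the blunt
#   chmod the post experimented with on /etc; apply it only to a tree the
#   audit above has shown does not need to be world-readable.
strip_world_bits() {
    ( cd "$1" && LC_ALL=C find . \( -type f -o -type d \) -perm -004 -print \
        -exec chmod o-rwx {} + | LC_ALL=C sort )
}

# make_sandbox
#   Build a throwaway tree that mimics the shape of the post's examples and
#   print its root. Contents are fake, constructed for this demo only.
make_sandbox() {
    root=$(mktemp -d)
    mkdir -p "$root/etc" "$root/spool/mail"
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$root/etc/passwd"   # constructed
    printf 'root:*:0:0:99999:7:::\n'           > "$root/etc/shadow"   # constructed
    printf 'From alice@example.com\n'          > "$root/spool/mail/alice"  # constructed
    chmod 755 "$root/etc" "$root/spool"
    chmod 775 "$root/spool/mail"   # listable by anyone, like /var/spool/mail
    chmod 644 "$root/etc/passwd"   # world-readable, like /etc/passwd
    chmod 000 "$root/etc/shadow"   # not world-readable, like /etc/shadow
    chmod 600 "$root/spool/mail/alice"
    printf '%s\n' "$root"
}

# Stand-alone demo: audit, tighten the spool tree, audit again.
if [ "${DEMO:-0}" = 1 ]; then
    root=$(make_sandbox)
    echo "world-readable before:"; list_world_readable "$root"
    echo "stripping other bits under spool:"; strip_world_bits "$root/spool"
    echo "world-readable after:";  list_world_readable "$root"
    rm -rf "$root"
fi
```

Run with `DEMO=1 sh audit.sh` to see the before/after listing. On a real host, point list_world_readable at /etc and /var/spool/mail first and read the output; the audit never changes anything, and it is the list of directories (not just files) in that output that explains why 'ls /var/spool/mail' worked in the post's exec() test even though each mailbox was 600.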