LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   Permissions, users and security with Apache, suPHP and vsftpd and on vps (http://www.linuxquestions.org/questions/linux-server-73/permissions-users-and-security-with-apache-suphp-and-vsftpd-and-on-vps-842367/)

pernest 11-04-2010 02:13 PM

Permissions, users and security with Apache, suPHP and vsftpd and on vps
 
I've just got my hands on a vps with centos 5.5 and have been having a lot of fun configuring it. I'll give a bullet pointed list of what I want to do, what I have and what restrictions I'm facing:
  • Will be hosting multiple small low trafic sites using Apache virtual hosts
  • Some sites will be Joomla!
  • Want to allow ftp access for Joomla! to virtual host webroot directories
  • Want to stop php from accessing system files
  • selinux cannot be installed with my hosting companies virtualisation

I want to isolate and secure each virtual host as much as possible and I was trying to figure out the best way to do this. So far the security measures I've been considering are:
  • Use PAM to create virtual users for vsftpd, so that ftp users are not system users and have no shell access.
  • Chroot vsftpd users to their Apache virtual host webroot
  • Use suPHP
  • PHP safe mode
  • PHP disable functions such as exec
  • Create multiple system users with very restricted rights, one for each Apache virtual host
  • Use php directive open_basedir

I know that these are not all compatible with one another, and some will be much more effective than others. I was hoping for some guidance as to the most sensible way to go about securing my VPS, whilst at the same time allowing the functionality I need to provide.

I know that this issue has been covered countless times on this forum and others, but I'm having trouble assimilating all this information into a best practice that I will implement.

Thanks

mazhar_theone 11-04-2010 03:08 PM

Quote:

Originally Posted by pernest (Post 4149309)
I've just got my hands on a vps with centos 5.5 and have been having a lot of fun configuring it. I'll give a bullet pointed list of what I want to do, what I have and what restrictions I'm facing:
  • Will be hosting multiple small low trafic sites using Apache virtual hosts
  • Some sites will be Joomla!
  • Want to allow ftp access for Joomla! to virtual host webroot directories
  • Want to stop php from accessing system files
  • selinux cannot be installed with my hosting companies virtualisation

I want to isolate and secure each virtual host as much as possible and I was trying to figure out the best way to do this. So far the security measures I've been considering are:
  • Use PAM to create virtual users for vsftpd, so that ftp users are not system users and have no shell access.
  • Chroot vsftpd users to their Apache virtual host webroot
  • Use suPHP
  • PHP safe mode
  • PHP disable functions such as exec
  • Create multiple system users with very restricted rights, one for each Apache virtual host
  • Use php directive open_basedir

I know that these are not all compatible with one another, and some will be much more effective than others. I was hoping for some guidance as to the most sensible way to go about securing my VPS, whilst at the same time allowing the functionality I need to provide.

I know that this issue has been covered countless times on this forum and others, but I'm having trouble assimilating all this information into a best practice that I will implement.

Thanks

First of all, do not set following php settings unless there is no other work around to make your sites work.

display_errors = On
allow_url_fopen = On
allow_url_include = On
max_execution_time = (set this as low as you can).

Hide the webserver name and version in apache settings.

If you are using SuExec then make sure the user (for webserver / php) under which website or php will run do not have write access to any of your files inside or outside of your sites DocumentRoot. (except session path)

Few web application really need safe_mode Off to function properly. So try to make a work around if you setting this On.

Few most voulnarable php funtions which should be disabled that could be used against the site.

phpinfo - shows information about php settings.

shell_exec - execute command via shell and return the complete output as a string

exec - It executes an external command.

system - It executes an external program and display the result.

ftp_connect- Opens an FTP connection

ftp_login- Logs in to an FTP connection

ftp_exec- Requests execution of a command on the FTP server

ftp_put- Uploads a file to the FTP server

ftp_get- Downloads a file from the FTP server

Refer this URl for more

pernest 11-04-2010 03:33 PM

Hi thanks for the response, you've raised some points that I will certainly look into. However your answer seems to focus on securing php, rather than the server itself.

Quote:

Originally Posted by mazhar_theone (Post 4149375)
Few web application really need safe_mode Off to function properly. So try to make a work around if you setting this On.

PHP safe mode is deprecated in the current release and is due for removal in php6. I've read that the reason for this is to stop people relying on safe mode as it give a false sense of security.

Quote:

Originally Posted by mazhar_theone (Post 4149375)
Few most voulnarable php funtions which should be disabled that could be used against the site.
phpinfo - shows information about php settings.
shell_exec - execute command via shell and return the complete output as a string
exec - It executes an external command.
system - It executes an external program and display the result.
ftp_connect- Opens an FTP connection
ftp_login- Logs in to an FTP connection
ftp_exec- Requests execution of a command on the FTP server
ftp_put- Uploads a file to the FTP server
ftp_get- Downloads a file from the FTP server
Refer this URl for more

Unfortunately as the article I refer to above states, these lists are usually not exhaustive and if one function is missed, then there was no point in whole disabling process in the first place.

Of course I will seriously consider disabling dangerous functions that I don't need, but I want to tackle security on an OS/web server level, rather than script level.

razero 07-21-2011 04:54 PM

Hi all

first thanks, I didn't know about ftp_* php functions.

I am running vsftp on a LAMP
The server runs many websites (cms like Typo3) and for each instance I have to crate an FTP account:
so I added the user to the group www-data (ubuntu) and I changed the permissions as follows:
find /var/www/theinstance/ -type f -exec chmod 664 {} \;
find /var/www/theinstance/ -type d -exec chmod 775 {} \;
The problem is now that if a customer creates a file over Typo3 (or any CMS) the file's permissions will change to 644 for files and 755 for directories.
The ftp user is now not able to edit those files.
I changed the umask /etc/profiles to 002. I did solve the problem!

I am a little concerned about security.
Could I cause some security issue with the permission configuration I made?

Thanks for any suggestion.

(=AA=) 07-21-2011 11:19 PM

You should run apache with suExec and FastCGI, that way permissions on files for each virtual host stay as the user they belong to. This also integrates well with FTP, but make sure FTP is set up securely.

http://linux-101.org/howto/apache-vi...cgi-and-suexec

razero 07-22-2011 09:16 AM

Thank you (=AA=)

nice hint, FastCGI is up an running, you saved me!

FTP at the moment is not a big issue for me. I have just some IP's that I have to allow on FTP for now.
But it is secure anyway (at least I think so)...


All times are GMT -5. The time now is 05:01 AM.