RE: Many Virtual Hosts security problem with PHP

2002-04-20 Thread Arild Evensen
You can also put other directives in section, like Addtypes for scripting and other file types. Override settings for .htaccess. Other PHP-related settings (includepath, sendmail from, upload tmp dir, ...), errdoc, ... Keep ftp root over www root, gives you a private space to have includefiles, tm

enforcing resource limits

2002-04-20 Thread Ian Cumming
Hi, I was thinking of playing with /etc/security/limits.conf, however I am now having second thoughts... The Debian Security HOWTO has this file in the contents, but no actual discussion. I then had a look around the web and usenet, and while I found a lot of people making reference to limits.conf

Re: Many Virtual Hosts security problem with PHP

2002-04-20 Thread hpknight
If you run php in safe mode and set your PHP open_basedir to the DocumentRoot for the domain, then they cannot open any files outside of that directory. In php.ini: safe_mode = on Then in your : php_admin_flag engine on php_admin_value open_basedir "/var/www/vhosts/domain.com/htdocs:/tmp" You

Many Virtual Hosts security problem with PHP

2002-04-20 Thread Gustavo Felisberto
I have a machine with many virtual hosts. Some of the virtual hosts are maintained by clients (we serve as a web hosting company) and some are internal. The external accounts are locked out of the main filesystem using proftpd chroot feature and by having /dev/null as the shell. My problem is that eve

Re: what is means ? + rootkits..

2002-04-20 Thread Sam Couter
Jan Johansson <[EMAIL PROTECTED]> wrote: > Now, run AIDE check periodically (nightly) against that db. And all is well. Here's a weakness: The attacker can replace AIDE (or any libraries it links to, if any exist, or even the kernel) with a fake that just says "Everything's OK" without really chec

unsubscribe

2002-04-20 Thread Richard Ottens
unsubscribe
