LAMP security reinforcement & #65279; PHP (1)

 

Figure-LAMP

I use my LAMP.LAMP SecurityWorried, I think everyone has such troubles! Let's take a look at my methods.

PhpAspect:

1. Enable the php security mode

The security mode of php is a very important embedded security mechanism that can control some functions in php, such as system () and control permissions for many file operation functions, files of some key files, such as/etc/passwd, but the default php. ini does not enable the security mode. We open it: safe_mode = on

When safe_mode is enabled and safe_mode_gid is disabled, php scripts can access files and users in the same group can also access the files. Recommended Value: safe_mode_gid = off

If you do not set it, you may not be able to operate the files under the website directory of our server, for example, when you need to operate the files.

2. Main directory of the execution program in Safe Mode

If security mode is enabled, but you want to execute some programs, you can specify the main directory of the program to be executed: safe_mode_exec_dir = D:/usr/bin

Generally, you do not need to execute any program. Therefore, we recommend that you do not execute the system program directory. you can point to a directory and copy the program to be executed. For example: safe_mode_exec_dir = D: /tmp/cmd

However, I recommend that you do not execute any program, so you can point to our webpage directory:

Safe_mode_exec_dir = D:/usr/www

3. File Inclusion in Safe Mode

If you want to include some public files in safe mode, modify the following options:

Safe_mode_include_dir = D:/usr/www/include/

In fact, the files contained in the php script are all written in the program itself, which can be set as needed.