Server Security

So far I’ve:

Only allowed SSH access to ubuntu user using passphrase key pair.
Restricted access to PHPMyAdmin to only our IP.
Renamed PHPMyAdmin alias to something less obvious.
MySQL access only allowed on Localhost.
Installed DenyHosts. (running ‘tail -n500 -f -s3 /var/log/auth.log’ showed hundreds of attempted logins from dictionary attacks already).

Open TCP ports are:

22 (SSH)
80 (HTTP)
443 (HTTPS)
3306 (MYSQL)

Everything else is closed. All ICMP traffic is blocked.

UDP:
0 – 65535 are closed.

PHP.ini additions:

On the PHP side, added these to PHP.ini:

disable_functions = php_uname, getmyuid, getmypid, passthru, leak, listen, diskfreespace, tmpfile, link, ignore_user_abort, shell_exec, dl, set_time_limit, exec, system, highlight_file, source, show_source, fpassthru, virtual, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix_getppid, posix_getpwnam, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid, posix_isatty, posix_kill, posix_mkfifo, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_times, posix_ttyname, posix_uname, proc_open, proc_close, proc_get_status, proc_nice, proc_terminate, phpinfo
display_errors = Off

allow_url_fopen = Off
allow_url_include = Off
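
PHP does not report names in disable_functions that match no defined function, so a misspelled entry leaves the intended function callable. The following added example (not from the original post) checks a php.ini fragment for such entries and for the three directive values listed above; the known-function set and the sample fragment are constructed for illustration.

```python
import difflib

# Constructed subset of PHP internal function names (an assumption for this
# example); in practice, export the full list from the target PHP build.
KNOWN_FUNCTIONS = {
    "exec", "system", "passthru", "shell_exec", "proc_open", "fpassthru",
    "ignore_user_abort", "posix_getppid", "posix_getpid", "phpinfo",
}

# Values the page sets for the non-list directives.
EXPECTED = {"display_errors": "off", "allow_url_fopen": "off",
            "allow_url_include": "off"}

def parse_ini(text):
    """Return {directive: value} for simple 'key = value' lines."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def audit(text, known=KNOWN_FUNCTIONS):
    """Return (unknown, wrong). unknown maps each disable_functions entry that
    is not in `known` to its closest known name (or None); wrong maps each
    mis-set directive to its current value."""
    settings = parse_ini(text)
    unknown = {}
    for name in settings.get("disable_functions", "").split(","):
        name = name.strip().lower()
        if name and name not in known:
            close = difflib.get_close_matches(name, sorted(known), n=1, cutoff=0.7)
            unknown[name] = close[0] if close else None
    wrong = {k: settings.get(k, "<unset>") for k, v in EXPECTED.items()
             if settings.get(k, "").lower() != v}
    return unknown, wrong

# Constructed sample containing slips that are easy to make when typing a long list.
SAMPLE = """\
disable_functions = exec, system, ignore_user_abord, fpaththru, posix, _getppid, phpinfo
display_errors = Off
allow_url_fopen = Off
allow_url_include = On
"""

if __name__ == "__main__":
    unknown, wrong = audit(SAMPLE)
    for name, hint in unknown.items():
        print(f"not a known function: {name!r} (closest: {hint})")
    for key, value in wrong.items():
        print(f"{key} is {value}, expected Off")
```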