Tighten up security

A list of things you can do to improve the security of your (Ubuntu) server.

Install mod_evasive and mod_security

apt-get install libapache2-mod-evasive libapache-mod-security
mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Tweak php.ini (/etc/php5/apache2/php.ini)

# append these to disable_functions
# system,show_source,symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd

allow_url_fopen = Off

open_basedir = /home/www-data/
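
A small audit script for the php.ini settings above, added here as an example and not part of the original post. The function names ini_get and audit_php_ini and the two sample files are constructed for illustration; it assumes the last uncommented assignment of a directive is the effective one.

```shell
#!/bin/sh
# Added example: audit a php.ini against the settings listed on this page.
REQUIRED_DISABLED="system show_source symlink exec dl shell_exec passthru phpinfo escapeshellarg escapeshellcmd"

# Print the effective value of a directive. Lines starting with ';' are
# comments and never match; the last uncommented assignment wins (assumption).
ini_get() {  # usage: ini_get FILE DIRECTIVE
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*;.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Print one FAIL line per missing setting; return the number of failures.
audit_php_ini() {  # usage: audit_php_ini FILE
    file=$1
    failures=0
    # Wrap in commas so "exec" cannot match inside "shell_exec".
    disabled=",$(ini_get "$file" disable_functions | tr -d '[:space:]'),"
    for fn in $REQUIRED_DISABLED; do
        case $disabled in
            *",$fn,"*) ;;
            *) echo "FAIL disable_functions is missing: $fn"
               failures=$((failures + 1)) ;;
        esac
    done
    # An unset allow_url_fopen counts as a failure because PHP defaults it to On.
    case $(ini_get "$file" allow_url_fopen | tr '[:upper:]' '[:lower:]') in
        off|0|false|no|none) ;;
        *) echo "FAIL allow_url_fopen is not Off"; failures=$((failures + 1)) ;;
    esac
    if [ -z "$(ini_get "$file" open_basedir)" ]; then
        echo "FAIL open_basedir is not set"; failures=$((failures + 1))
    fi
    return "$failures"
}

# Constructed samples: WEAK resembles an untouched file, HARDENED follows the page.
WEAK=$(mktemp)
HARDENED=$(mktemp)
printf '%s\n' 'disable_functions =' ';allow_url_fopen = Off' 'allow_url_fopen = On' > "$WEAK"
printf '%s\n' \
    'disable_functions = pcntl_fork, system,show_source,symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd' \
    'allow_url_fopen = Off' 'open_basedir = /home/www-data/' > "$HARDENED"
audit_php_ini "$WEAK" || echo "weak sample: $? failed checks"
audit_php_ini "$HARDENED" && echo "hardened sample: OK"
```

On the server, point audit_php_ini at /etc/php5/apache2/php.ini and restart Apache after editing so the new values take effect.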

Install curl so you can still fetch remote files once allow_url_fopen is turned off

apt-get install curl php5-curl

Install fail2ban

apt-get install fail2ban

Enable unattended upgrades

apt-get install unattended-upgrades
dpkg-reconfigure unattended-upgrades
