PHP DSO
DSO – Dynamically Shared Objects
Apache with PHP can be installed in two different ways.
- Statically embed the PHP binary into the Apache binary. This is probably the fastest and best way to run PHP
- Install Apache and PHP is by using Apache’s DSO module
Why DSO?
Apache supports adding modules on instead of embedding them in the httpd binary. This works well when you don’t want to re-compile Apache each time a module is updated, or if you want to add on numerous modules for development purposes
System Administrators Dream: Allows developers to upgrade PHP without having to recompile Apache
(more…)
S.M.A.R.T.D
Whats it?
Smartd stands for SMART Disk Monitoring Daemon.
smartd is a daemon that monitors the Self-Monitoring, Analysis and Reporting Technology (SMART) system built into many ATA-3 and later ATA, IDE and SCSI-3 hard drives.
SMART is a monitoring system for computer hard disks to detect and report on various indicators of reliability, in the hope of anticipating failures.
(more…)
Mod_Security 2.5
Need for a Webserver Security Module
It is pretty difficult to secure application software’s. Common targets are Open Source software like PHPNuke. An attacker can easily find out vulnerabilities in the code.
If your application is vulnerable to SQL injection, invoking the URL above may very well delete all user data from your application.
You can use mod_rewrite to avoid this attack. it is very easy to detect the words drop and table, and then redirect the client away from the original URL. A determined attacker could simply invoke the same URL as above but use the POST method instead of GET. Since POST variables are not considered in the normal processing of most modules, the attack would go through.
To prevent the “drop table” SQL injection attack with mod_security, add the following to your Apache configuration:
SecFilter “drop[[:space:]]table”
The only parameter is a regular expression to be applied to the incoming request. This seems achievable with mod_rewrite, but the difference here is that mod_security will detect and prevent attacks performed using either GET or POST.
(more…)
suPHP
suPHP is a tool for executing PHP scripts with the permissions of their owners. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.
Main Features of SuPHP
suPHP provides an additional layer of protection on servers. It causes php scripts to run under the account username instead of the user ‘nobody’ which is the user that apache/php would run under on a server that is not running suPHP.
This feature allows us to more easily track any potential security breaches that come in via insecure php script(s) that a user is running.
suPHP also does away with the requirement of using 777 permissions on directories/files that need write permission. In fact if a directory and/or file has the permission set to (CHMOD) 777 and it is access via a browser, then an internal server error 500 will be generated. The highest level of permissions that a user can use on a suPHP enabled server is 755. This permission setting is sufficient enough for any directories/files that needs to be written to.
(more…)
