Join the community today
Register Now

CentOS 7 Beta Branch tighten MariaDB MySQL and PHP-FPM security for .08 beta

Discussion in 'Centmin Mod Github Commits' started by eva2000, Mar 8, 2015.

  1. eva2000

    eva2000 Administrator Staff Member

    36,841
    8,064
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,422
    Local Time:
    11:57 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    tighten MariaDB MySQL and PHP-FPM security for .08 beta
    open_basedir http://php.net/manual/en/ini.core.php#ini.open-basedir at Nginx vhost level
    local-infile http://dev.mysql.com/doc/refman/5.6/en/load-data-local.html
    disable_functions http://centminmod.com/getstarted.html#14

    Continue reading...
     
    • Informative Informative x 2
  2. rdan

    rdan Premium Member Premium Member

    4,365
    1,052
    113
    May 25, 2014
    Ratings:
    +1,521
    Local Time:
    9:57 PM
    Mainline
    10.2
    By the way this restriction slow down or even kills PHP-FPM process when a web app script like wordpress embed on it's config wrong full path directory and also with a directory that doesn't exist.

    So from now on I have this commented out.
     
  3. eva2000

    eva2000 Administrator Staff Member

    36,841
    8,064
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,422
    Local Time:
    11:57 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    could you elaborate ? examples?
     
  4. rdan

    rdan Premium Member Premium Member

    4,365
    1,052
    113
    May 25, 2014
    Ratings:
    +1,521
    Local Time:
    9:57 PM
    Mainline
    10.2
    When Default WordPress Uploads Folder changed, and hard coded on config to wrong directory like /home/user/public_html/, uploading images on wp-admin kills PHP with open_basedir enabled.
    Without it, it simply fails instant.
     
  5. eva2000

    eva2000 Administrator Staff Member

    36,841
    8,064
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,422
    Local Time:
    11:57 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    is this with manually installed wordpress or centmin mod auto installed wp ??
     
  6. rdan

    rdan Premium Member Premium Member

    4,365
    1,052
    113
    May 25, 2014
    Ratings:
    +1,521
    Local Time:
    9:57 PM
    Mainline
    10.2
    Manually installed. I transferred a WP site from Godaddy Cpanel installed.
    So open_basedir is not that good to have.
     
    • Informative Informative x 1
  7. rdan

    rdan Premium Member Premium Member

    4,365
    1,052
    113
    May 25, 2014
    Ratings:
    +1,521
    Local Time:
    9:57 PM
    Mainline
    10.2
    and I disable it in all my server :).
     
..