Discover Centmin Mod today
Register Now

CentOS 7 Beta Branch tighten MariaDB MySQL and PHP-FPM security for .08 beta

Discussion in 'Centmin Mod Github Commits' started by eva2000, Mar 8, 2015.

  1. eva2000

    eva2000 Administrator Staff Member

    54,606
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    11:02 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    tighten MariaDB MySQL and PHP-FPM security for .08 beta
    open_basedir http://php.net/manual/en/ini.core.php#ini.open-basedir at Nginx vhost level
    local-infile http://dev.mysql.com/doc/refman/5.6/en/load-data-local.html
    disable_functions http://centminmod.com/getstarted.html#14

    Continue reading...

     
  2. rdan

    rdan Well-Known Member

    5,446
    1,408
    113
    May 25, 2014
    Ratings:
    +2,201
    Local Time:
    9:02 AM
    Mainline
    10.2
    By the way this restriction slow down or even kills PHP-FPM process when a web app script like wordpress embed on it's config wrong full path directory and also with a directory that doesn't exist.

    So from now on I have this commented out.
     
  3. eva2000

    eva2000 Administrator Staff Member

    54,606
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    11:02 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    could you elaborate ? examples?
     
  4. rdan

    rdan Well-Known Member

    5,446
    1,408
    113
    May 25, 2014
    Ratings:
    +2,201
    Local Time:
    9:02 AM
    Mainline
    10.2
    When Default WordPress Uploads Folder changed, and hard coded on config to wrong directory like /home/user/public_html/, uploading images on wp-admin kills PHP with open_basedir enabled.
    Without it, it simply fails instant.
     
  5. eva2000

    eva2000 Administrator Staff Member

    54,606
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    11:02 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    is this with manually installed wordpress or centmin mod auto installed wp ??
     
  6. rdan

    rdan Well-Known Member

    5,446
    1,408
    113
    May 25, 2014
    Ratings:
    +2,201
    Local Time:
    9:02 AM
    Mainline
    10.2
    Manually installed. I transferred a WP site from Godaddy Cpanel installed.
    So open_basedir is not that good to have.
     
  7. rdan

    rdan Well-Known Member

    5,446
    1,408
    113
    May 25, 2014
    Ratings:
    +2,201
    Local Time:
    9:02 AM
    Mainline
    10.2
    and I disable it in all my server :).