Welcome to Centmin Mod Community
Register Now

CentOS 7 Beta Branch tighten MariaDB MySQL and PHP-FPM security for .08 beta

Discussion in 'Centmin Mod Github Commits' started by eva2000, Mar 8, 2015.

  1. eva2000

    eva2000 Administrator Staff Member

    30,947
    6,915
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,413
    Local Time:
    2:27 PM
    Nginx 1.13.x
    MariaDB 5.5
    tighten MariaDB MySQL and PHP-FPM security for .08 beta
    open_basedir http://php.net/manual/en/ini.core.php#ini.open-basedir at Nginx vhost level
    local-infile http://dev.mysql.com/doc/refman/5.6/en/load-data-local.html
    disable_functions http://centminmod.com/getstarted.html#14

    Continue reading...
     
    • Informative Informative x 2
  2. RoldanLT

    RoldanLT Well-Known Member

    3,978
    965
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,329
    Local Time:
    12:27 PM
    1.11
    10.2
    By the way this restriction slow down or even kills PHP-FPM process when a web app script like wordpress embed on it's config wrong full path directory and also with a directory that doesn't exist.

    So from now on I have this commented out.
     
  3. eva2000

    eva2000 Administrator Staff Member

    30,947
    6,915
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,413
    Local Time:
    2:27 PM
    Nginx 1.13.x
    MariaDB 5.5
    could you elaborate ? examples?
     
  4. RoldanLT

    RoldanLT Well-Known Member

    3,978
    965
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,329
    Local Time:
    12:27 PM
    1.11
    10.2
    When Default WordPress Uploads Folder changed, and hard coded on config to wrong directory like /home/user/public_html/, uploading images on wp-admin kills PHP with open_basedir enabled.
    Without it, it simply fails instant.
     
  5. eva2000

    eva2000 Administrator Staff Member

    30,947
    6,915
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,413
    Local Time:
    2:27 PM
    Nginx 1.13.x
    MariaDB 5.5
    is this with manually installed wordpress or centmin mod auto installed wp ??
     
  6. RoldanLT

    RoldanLT Well-Known Member

    3,978
    965
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,329
    Local Time:
    12:27 PM
    1.11
    10.2
    Manually installed. I transferred a WP site from Godaddy Cpanel installed.
    So open_basedir is not that good to have.
     
    • Informative Informative x 1
  7. RoldanLT

    RoldanLT Well-Known Member

    3,978
    965
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,329
    Local Time:
    12:27 PM
    1.11
    10.2
    and I disable it in all my server :).