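1. MySQL: give each site its own database user and password; disable remote connections for root, and delete any root account whose host is %.
2. PHP disabled functions: set the following in php.ini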
disable_functions = phpinfo,system,exec,proc_close,checkdnsrr,getmxrr,getservbyname,getservbyport,show_source,highlight_file,posix_ctermid,posix_get_last_error,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname,socket_listen,socket_create,socket_bind,socket_accept,socket_connect,stream_socket_accept,stream_socket_client,ftp_connect,ftp_login,ftp_pasv,ftp_get,zlib.compress,gzopen,gzpassthru,gzcompress,passthru,chroot,shell_exec,proc_open,proc_get_status,openlog,syslog,scandir,chgrp,chown,error_log,ini_alter,ini_set,ini_restore,dl,pfsockopen,readlink,symlink,popen,stream_socket_server,putenv,eval
Note: eval is a language construct rather than a function, and zlib.compress is not a function name, so disable_functions has no effect on those two entries.
3. In the Apache configuration file:
<Directory "/var/www/webroot">
Options -Indexes +FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<Files ~ "^\.(php.|php3.)">
Order allow,deny
Deny from all
</Files>
Under the site's <VirtualHost> configuration section, add:
php_admin_value open_basedir [site directory]:[upload temporary directory]
In php.ini, set upload_tmp_dir to that temporary directory.
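4. In the Apache configuration file:
ServerTokens OS ← find this line and change "OS" to "Prod" (so that error pages do not show the name of the server's operating system)
↓
ServerTokens Prod ← it should now read like this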
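
The settings from items 2 to 4 can be checked with a script. The following Python audit is an added example, not part of the original notes; the function names, the EXEC_FUNCS set and the sample configuration text are assumptions constructed for illustration.

```python
import re

# Assumption: command-execution functions from the page's list that must be disabled.
EXEC_FUNCS = {"system", "exec", "passthru", "shell_exec", "popen", "proc_open"}

def audit_php_ini(text):
    """Check disable_functions: missing exec functions and entries with no effect."""
    m = re.search(r"^[ \t]*disable_functions[ \t]*=[ \t]*(.*)$", text, re.M)
    entries = [e.strip() for e in (m.group(1) if m else "").split(",") if e.strip()]
    # Only real function names are matched: eval is a language construct,
    # and a name containing a dot cannot be a PHP function.
    ineffective = [e for e in entries
                   if e == "eval" or not re.fullmatch(r"[A-Za-z_]\w*", e)]
    return {"missing": sorted(EXEC_FUNCS - set(entries)), "ineffective": ineffective}

def audit_apache(text):
    """Check ServerTokens, directory listings and per-VirtualHost open_basedir."""
    findings = []
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    tokens = re.findall(r"^[ \t]*ServerTokens[ \t]+(\S+)", body, re.M | re.I)
    if not tokens or tokens[-1].lower() not in ("prod", "productonly"):
        findings.append("ServerTokens is not Prod")
    for opts in re.findall(r"^[ \t]*Options[ \t]+(.*)$", body, re.M | re.I):
        if any(o.lstrip("+").lower() == "indexes" for o in opts.split()):
            findings.append("directory listing enabled: Options " + opts.strip())
    vhosts = re.findall(r"<VirtualHost\s+([^>]*)>(.*?)</VirtualHost>", body, re.S | re.I)
    for name, block in vhosts:
        if not re.search(r"^[ \t]*php_admin_value[ \t]+open_basedir[ \t]+\S+",
                         block, re.M | re.I):
            findings.append("no open_basedir in VirtualHost " + name.strip())
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE_PHP_INI = "; constructed\ndisable_functions = system,exec,zlib.compress,popen,eval\n"
SAMPLE_APACHE = """\
ServerTokens OS
<Directory "/var/www/webroot">
Options Indexes FollowSymLinks
</Directory>
<VirtualHost *:80>
DocumentRoot /var/www/webroot
</VirtualHost>
"""

if __name__ == "__main__":
    print(audit_php_ini(SAMPLE_PHP_INI))
    for finding in audit_apache(SAMPLE_APACHE):
        print(finding)
```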
To be continued...