Hi Simon. Really great to get your viewpoint on this as well. As per my reply to Gordon, the PHP coding is in-house, and generally the coding element should be fine as we use a well established PHP framework to combat most of the common PHP security issues (CSRF, SQL injection, etc.).

Someone does not have to come to us; we are happy to travel anywhere within Cornwall and Devon.

I also second your point regarding tightening too much resulting in more headaches when trying to write the code, but a general grasp of how much detail and scope we can go into with this would be ideal.

These are the server specs as it's made up so far:

  Dedicated Server (hosted with RackSpace)
  Debian 6.0 (64 Bit)
  Apache 2.2.14
  MySQL 5.1.58 (DotDeb release)
  PHP 5.3.8 (DotDeb release)
  Mail Server (Postfix)
  No other required services/daemons.

Regards
Philip.

-----Original Message-----
From: list-bounces@xxxxxxxxxxxxx [mailto:list-bounces@xxxxxxxxxxxxx] On Behalf Of Simon Waters
Sent: 29 November 2011 12:59
To: list@xxxxxxxxxxxxx
Subject: Re: [LUG] Linux Security Mentoring

Philip Radford wrote:
>
> We have funding set aside for mentoring, so we are specifically
> looking for advice on online security and locking down the servers.
> Does anyone on this list know of a company or someone in the field
> within the Devon & Cornwall area who could provide mentoring/advice in this field of expertise?

Sort of thing I do, have done, but I typically do it and haven't mentored, so not sure expertise is the appropriate phrase.

It is also potentially a big topic. I don't have the skills to advise on PHP coding specifics, assuming you mean PHP for the P in LAMP; there are folks here that do (Gemma springs to mind - although she has been quiet recently, I'm sure there are others). I don't have the skills to advise on SELinux, which might be vital to you depending on the sort of threat you anticipate; our local expert on that got married and moved away, although again we may have gained some more since.
What are you hoping to gain by looking for local expertise? Are you expecting people to go to Redruth? Are there specific tools you are looking at? Are there specific packages you expect to support (Wordpress/Drupal/MediaWiki), or is it in-house code?

The main gotcha with Debian PHP is the default php.ini is intended for development.

Debian also packages Suhosin; install it early for PHP and lock it down so you are relaxing things, as retrospectively tightening up those sorts of permissions never works (you break stuff and people complain, whereas if it never works in the first place they either ask or do something different).

The other aspect is that "locking down" beyond the well trodden paths often creates additional burdens on maintenance and development, and good security is picking the right balance between locked down tight, and not unduly restrictive, which depends on the threat model.

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
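The point about a development-oriented php.ini is the kind of thing that is easy to check mechanically before a server goes live. The script below is an added example, not code from either poster or from Debian: it audits a php.ini against a small production baseline of core PHP 5.3-era directives and reports every directive that deviates (including ones left unset, which silently fall back to the compiled-in default). The baseline values are an assumption (commonly recommended production settings), and the two sample ini files it writes are constructed for the demonstration, not Debian's shipped defaults.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): audit a php.ini for
# directives whose development-friendly values are unwise on a production
# web server. The baseline below is an assumption: commonly recommended
# production values for PHP 5.3-era core directives, not Debian's own file.

PROD_BASELINE="display_errors=Off
display_startup_errors=Off
log_errors=On
expose_php=Off
allow_url_fopen=Off
allow_url_include=Off
register_globals=Off
enable_dl=Off"

# normalize VALUE: map php.ini boolean spellings onto on/off, "" onto unset
normalize() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        on|1|true|yes) echo on ;;
        off|0|false|no|none) echo off ;;
        '') echo unset ;;
        *) printf '%s\n' "$1" | tr 'A-Z' 'a-z' ;;
    esac
}

# ini_value FILE DIRECTIVE: effective value of DIRECTIVE in FILE (the last
# uncommented assignment wins, as in PHP; lines starting with ';' are
# ignored), or the empty string if it is not set at all
ini_value() {
    grep -i "^[[:space:]]*$2[[:space:]]*=" "$1" 2>/dev/null \
        | tail -n 1 \
        | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*;.*$//; s/[[:space:]]*$//'
}

# audit_php_ini FILE: print one line per directive that deviates from the
# baseline; the return value is the number of deviations (0 means clean)
audit_php_ini() {
    deviations=0
    for pair in $PROD_BASELINE; do
        directive=${pair%%=*}
        expected=$(normalize "${pair#*=}")
        actual=$(normalize "$(ini_value "$1" "$directive")")
        if [ "$actual" != "$expected" ]; then
            echo "$directive: found $actual, expected $expected"
            deviations=$((deviations + 1))
        fi
    done
    return "$deviations"
}

# write_samples DIR: constructed sample files (not Debian's defaults) so the
# audit can be exercised offline: DIR/dev.ini and DIR/prod.ini
write_samples() {
    cat > "$1/dev.ini" <<'EOF'
; constructed development-style php.ini
display_errors = On
display_startup_errors = On
log_errors = Off
expose_php = On
allow_url_fopen = On
allow_url_include = Off
register_globals = Off
; enable_dl deliberately left unset (relies on the compiled-in default)
EOF
    cat > "$1/prod.ini" <<'EOF'
; constructed production-style php.ini
; display_errors = On   <- commented out, so it must be ignored
display_errors = Off
display_startup_errors = Off
log_errors = On
expose_php = Off
allow_url_fopen = Off
allow_url_include = Off
register_globals = Off
enable_dl = Off
EOF
}

# Stand-alone demonstration on the constructed samples
dir=$(mktemp -d)
write_samples "$dir"
for f in dev prod; do
    if audit_php_ini "$dir/$f.ini"; then
        echo "$f.ini: clean"
    else
        rc=$?
        echo "$f.ini: $rc deviation(s) from the production baseline"
    fi
done
rm -rf "$dir"
```

Run it against a real file with `audit_php_ini /etc/php5/apache2/php.ini` (path assumed for Debian's Apache SAPI) and treat a non-zero exit as a failed pre-deployment check. Unset directives are reported rather than assumed safe, because the compiled-in default for something like display_errors is not the production value; the same pattern extends to Suhosin's own directives once that extension is installed, by adding them to the baseline.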