Sito/Technical documentation

Da Wikimedia Italia.
Versione del 2 mar 2021 alle 22:37 di Valerio Bozzolan (Discussione | contributi) (Creata pagina con "{{Bozza}} == Unix user == <pre> $ # start hardening creating a dedicated user $ adduser apache-wmi $ usermod -aG apache apache-wmi </pre> == Hardening == <pre> # first ste...")

(diff) ← Versione meno recente | Versione attuale (diff) | Versione più recente → (diff)
Work in progress

Unix user

$ # start hardening creating a dedicated user
$ adduser apache-wmi
$ usermod -aG apache apache-wmi

Hardening

# first step: make whole application read-only for everyone
chown root: -R       /var/www/wmi/wordpress

# second step: protect some secrets
chmod o=            /var/www/wmi/{tmp,session}
chown apache-wmi:   /var/www/wmi/{tmp,session}
chmod o=            /var/www/wmi/wordpress/wp-config.php
chown apache-wmi:   /var/www/wmi/wordpress/wp-config.php

# third step: allow write-mode on some locations
chown -R apache-wmi: /var/www/wmi/wordpress/wp-content
chown apache-wmi:    /var/www/wmi/{tmp,session}

Update

Before being able to do an update, run this:

chown apache-wmi: -R /var/www/wmi/wordpress

When your upgrade is concluded, run again the #Hardening part.