https://forums.modx.com/thread/?thread=10846 https://forums.modx.com/thread/10846/hardening-securing-modx?page=2#dis-post-62327 sottwell Jul 15, 2009, 11:20 AM https://forums.modx.com/thread/10846/hardening-securing-modx?page=2#dis-post-62327 https://forums.modx.com/thread/10846/hardening-securing-modx?page=2#dis-post-62326
I ended up doing a new install/upgrade.

I have some more questions after changing some of the permissions for some of the asset folders and files to allow the install, should I change them back to the way there were afterwards?

I’ve already done that for the config file.

Just not sure about the others.]]> markg Jul 15, 2009, 04:57 AM https://forums.modx.com/thread/10846/hardening-securing-modx?page=2#dis-post-62326 https://forums.modx.com/thread/10846/hardening-securing-modx?page=2#dis-post-62325 shamblett Jul 15, 2009, 02:33 AM https://forums.modx.com/thread/10846/hardening-securing-modx?page=2#dis-post-62325 https://forums.modx.com/thread/10846/hardening-securing-modx?page=2#dis-post-62324
Thanks

]]> markg Jul 14, 2009, 11:23 PM https://forums.modx.com/thread/10846/hardening-securing-modx?page=2#dis-post-62324 https://forums.modx.com/thread/10846/hardening-securing-modx#dis-post-62323 can you share your mod_security rulesets for 096x?, yes no probs, I’ll post this as soon, I’ve got a bit of downtime from now for about 36 hrs as I’m physically moving my server but I will get back to you.]]> shamblett Mar 19, 2009, 03:28 PM https://forums.modx.com/thread/10846/hardening-securing-modx#dis-post-62323 https://forums.modx.com/thread/10846/hardening-securing-modx#dis-post-62322 rethrash Mar 19, 2009, 02:34 PM https://forums.modx.com/thread/10846/hardening-securing-modx#dis-post-62322 https://forums.modx.com/thread/10846/hardening-securing-modx#dis-post-62321 but you can have a secure server..., yes, harden your server first, then according to what it is going to be doing , e.g webserver, harden it further, then harden any specific app you are using in the best way possible. As for PHPsuExec / suPHP personally I don’t use these as I have full control of my physical server(s) I’ve found I don’t need them but this must be judged on a case by case basis. I do use mod_security and once I’d set it up so I can use the manager with it(saving chunks etc.) its been OK so far.

If your in the Red Hat world this is a good read http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf. This seems to be one way governments/large corporates are going, in particular, tweaking/writing SElinux policies is moving away from military/paranoid/niche markets more into mainstream all the time.]]> shamblett Mar 19, 2009, 09:32 AM https://forums.modx.com/thread/10846/hardening-securing-modx#dis-post-62321 https://forums.modx.com/thread/10846/hardening-securing-modx#dis-post-62320
My understanding is suExec makes things easier when you set permissions but you can have a secure server not running it (at least, it seems so from my experience). I am still debating wether or not going for it, not for security but easier permissions set up...

For tighest security mod_security, but then you can pull your hair out since it brings a lot of issues no matter what script you use...]]> davidm Mar 19, 2009, 08:48 AM https://forums.modx.com/thread/10846/hardening-securing-modx#dis-post-62320 https://forums.modx.com/thread/10846/hardening-securing-modx#dis-post-62319 opengeek Mar 19, 2009, 08:38 AM https://forums.modx.com/thread/10846/hardening-securing-modx#dis-post-62319 https://forums.modx.com/thread/10846/hardening-securing-modx#dis-post-62318 Server API is CGI then suPHP is enabled.

There’s phpsecinfo which is also quite handy.


http://www.phpasks.com/suphp/index.html

http://www.phpasks.com/suphp/phpsuexec.pdf]]> knightknight Mar 19, 2009, 06:55 AM https://forums.modx.com/thread/10846/hardening-securing-modx#dis-post-62318