[BlueOnyx:20972] Re: Hardening BlueOnyx

Ken Marcus kenbxlist at precisionwebhosting.com
Wed Apr 26 17:58:20 -05 2017


Aaron

>>1. PHP version
Just edit the php.ini to change one line from
expose_php = On
to
expose_php = Off


>>disable TLS 1.0
For port 443 (regular https pages), edit
nano -w /etc/httpd/conf.d/ssl_perl.conf
Change
           SSLProtocol                 => "+ALL  -SSLv2 -SSLv3",
to
           SSLProtocol                 => "+ALL -TLSv1 -SSLv2 -SSLv3",


>>SSH ciphers
I have the server set to only allow SSH from my own IP that I connect from,
with a script to open up whatever IP I view a certain page from / whatever
IP I am at within 10 minutes. This saves me the trouble of explaining to
them that the SSH version, etc., is patched.

>>cleartext authentication enabled on FTP, SMTP, the admin web UI

1. In the /admin area, try enabling only SMTPs, not SMTP (not sure about
this).
2. In the /admin area, enable only FTPS, not FTP.
3. For the web UI, in APF or whatever firewall, turn off port 444 but
leave on port 81.
3.b. Then run nano -w /etc/httpd/conf.d/blueonyx.conf and edit the
"RewriteRule"s at the beginning of the file to redirect to the specific
https address on port 81.

Restart respective services as needed.

Ken
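
Added example, not part of Ken's message: a shell check that confirms the expose_php and SSLProtocol edits described above actually took effect. The function names and the sample files are constructed for illustration, and the SSLProtocol line format is assumed from the single line quoted in the message.

```shell
#!/bin/sh
# Added example: audit the two config edits from the message.

# True when the last active expose_php line in a php.ini-style file is off.
# A missing directive counts as exposed, since PHP's built-in default is On.
php_version_hidden() {
    local val
    val=$(grep -iE '^[[:space:]]*expose_php[[:space:]]*=' "$1" | tail -n 1 |
          cut -d= -f2 | cut -d';' -f1 | tr -d '[:space:]"' | tr '[:upper:]' '[:lower:]')
    case "$val" in
        off|0|false|no) return 0 ;;
        *) return 1 ;;
    esac
}

# True when every active SSLProtocol line removes both TLSv1 and SSLv3.
# "-TLSv1" must be a whole token, so "-TLSv1.1" alone does not satisfy it.
tls10_disabled() {
    local lines line proto
    lines=$(grep -E '^[[:space:]]*SSLProtocol' "$1") || return 1   # no directive
    while IFS= read -r line; do
        for proto in TLSv1 SSLv3; do
            printf '%s\n' "$line" |
                grep -Eq "[[:space:]\"]-${proto}([[:space:]\"]|\$)" || return 1
        done
    done <<EOF
$lines
EOF
    return 0
}

# Constructed sample files: the "before" and "after" states from the message.
SAMPLES=$(mktemp -d)
printf 'expose_php = On\n' > "$SAMPLES/php_before.ini"
printf '; expose_php = On\nexpose_php = Off\n' > "$SAMPLES/php_after.ini"
printf '    SSLProtocol => "+ALL  -SSLv2 -SSLv3",\n' > "$SAMPLES/ssl_before.conf"
printf '    SSLProtocol => "+ALL -TLSv1 -SSLv2 -SSLv3",\n' > "$SAMPLES/ssl_after.conf"

for f in php_before.ini php_after.ini; do
    if php_version_hidden "$SAMPLES/$f"; then echo "$f: PHP version hidden"
    else echo "$f: expose_php still on"; fi
done
for f in ssl_before.conf ssl_after.conf; do
    if tls10_disabled "$SAMPLES/$f"; then echo "$f: TLS 1.0 and SSLv3 disabled"
    else echo "$f: TLS 1.0 or SSLv3 still allowed"; fi
done
```

On a server, pass the real file paths instead of the samples, for example /etc/httpd/conf.d/ssl_perl.conf; the message does not give the php.ini location, and `php --ini` lists the one in use.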