Concrete5 Server hardening guide

Permalink
I would like to suggest the creation of a guide with the best practices of Concrete5 security hardening, including for example best practices using Ubuntu Server, Apache or Nginx, directory and files permissions and MySQL, some optimizations are also welcome.

I thing this can be a good value to Concrete5 project because I'm developing other projects that require Magento and I was very pleased to see a very well done detailed installation guide with best practices.

I hope we can grow this topic and thank you very much.

pedroserapio
View Replies:
MrKDilkington replied on at Permalink Reply
MrKDilkington
I think this is a good idea.
andrew replied on at Permalink Reply
andrew
This sounds like a great addition to the how-tos.
robodev replied on at Permalink Reply
Agree 1000%. After reading this post I sat down and got to work. This past weekend I spent many hours mapping out and testing what appear to be the biggest risks, what would be likely attack vectors, and researching the hardening approaches commonly used for other LAMP platforms. No need to reinvent the wheel, the basic hardening steps for most other similar platforms have all the same issues to address.

Security is what I do for a living. I specialize in web application security, vulnerability analysis and pen testing. Currently I maintain three C5 sites and have multiple test servers at home.

Having this sort of discusson open to the public is great for soliciting input, however it's obviously not a good idea to discuss real or potential vulnerabilites, attack vectors and so forth in a forum that's open the world.