centosphpapachemysql安全管理.docVIP

1.mysql,每个站点设置独立用户和密码；root禁用掉远程连接，删除hosts为%的root。 2.php禁用函数：php.ini中设置 [plain]? HYPERLINK /cdefg198/article/details/6738464 \o view plain view plain HYPERLINK /cdefg198/article/details/6738464 \o copy copy disable_functions?=phpinfo,system,exec,shell_exec,passthru,proc_open,proc_close,proc_get_status,checkdnsrr,getmxrr,getservbyname,getservbyport,syslog,popen,show_source,highlight_file,posix_ctermid,posix_get_last_error,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname,dl,socket_listen,socket_create,socket_bind,socket_accept,socket_connect,stream_socket_server,stream_socket_accept,stream_socket_client,ftp_connect,ftp_login,ftp_pasv,ftp_get,press,gzopen,gzpassthru,gzcompress,passthru,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthu,stream_socket_srver,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,error_log,ini_alter,ini_set,ini_restore,dl,pfsockopen,syslog,readlink,symlink,popen,stream_socket_server,putenv,eval??? 3.apache配置文件中： Directory /var/www/webroot ? Options -Indexes FollowSymLinks ? AllowOverride All ? Order allow,deny? Allow from all/Directory Files ~ ^\.(php.|php3.)??? Order allow,deny??? Deny from all/Files 站点VirtualHost配置节点下添加 php_admin_value open_basedir 站点目录:上传文件临时目录。 php.ini 中upload_tmp_dir 设置临时目录。?