Archive for July 2010

Ubuntu PHP hardening with Suhosin

Ubuntu includes the php suhosin patches….

Install suhosin extension

    aptitude install php5-suhosin

/etc/php5/{apache2,cli,cgi}/php.ini

    ; suhosin parameters
    suhosin.executor.include.max_traversal = 4
    suhosin.executor.disable_eval = On
    suhosin.executor.disable_emodifier = On
    suhosin.mail.protect = 2
    suhosin.sql.bailout_on_error = On

Restart apache

    service apache2 restart

Sometimes it could be necessary to set suhosin.session.encrypt to off for some login scripts.
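An added example, not code from the original post: a small Python check that parses php.ini text and reports which of the Suhosin directives listed above are missing or differ. It is useful because the values have to be present in each of the apache2, cli and cgi files. The function names and the sample file contents are constructed for illustration.

```python
# Added example: audit php.ini text against the Suhosin values listed in the post.
EXPECTED = {  # directive -> value from the post (True means "On")
    "suhosin.executor.include.max_traversal": 4,
    "suhosin.executor.disable_eval": True,
    "suhosin.executor.disable_emodifier": True,
    "suhosin.mail.protect": 2,
    "suhosin.sql.bailout_on_error": True,
}
INI_TRUE = {"on", "yes", "true", "1"}  # spellings PHP treats as boolean true


def parse_ini(text):
    """Return {directive: raw value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments (these values never contain ';')
        if "=" not in line or line.startswith("["):
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit(text):
    """Return {directive: found value or None} for every directive that deviates."""
    found = parse_ini(text)
    deviations = {}
    for key, want in EXPECTED.items():
        raw = found.get(key)
        if raw is None:
            ok = False  # directive not set at all
        elif isinstance(want, bool):
            ok = (raw.lower() in INI_TRUE) == want
        else:
            ok = raw == str(want)
        if not ok:
            deviations[key] = raw
    return deviations


# Constructed sample files, one per SAPI path named in the post.
HARDENED = "\n".join(f"{k} = {'On' if v is True else v}" for k, v in EXPECTED.items())
SAMPLES = {
    "apache2": "; suhosin parameters\n" + HARDENED,
    "cli": HARDENED.replace("disable_eval = On", "disable_eval = Off"),
    "cgi": HARDENED + "\nsuhosin.mail.protect = 0  ; later line overrides the earlier 2",
}

if __name__ == "__main__":
    for sapi, text in SAMPLES.items():
        print(sapi, audit(text) or "OK")
```

To check a real host, pass the contents of each /etc/php5/{apache2,cli,cgi}/php.ini to `audit()` in place of the constructed samples.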

Postfix as relayhost with SASL auth

Client configuration (notebook, workstation, whatever)

Edit your /etc/postfix/main.cf

    # TLS client parameter
    smtp_use_tls = yes
    smtp_enforce_tls = yes
    # for postfix < 2.3
    # smtp_tls_security_level = secure
    smtp_sasl_tls_security_options = $smtp_sasl_security_options
    smtp_tls_CAfile = /etc/ssl/certs/cacert.org.pem
    smtp_tls_loglevel = 0
    [...]
    relayhost = [mx1.example.com]:587
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    inet_interfaces = loopback-only
    [...]
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = [...]