From 5409ade28c5f0acf99dbadd4d95e6f8efda5d395 Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Thu, 14 Apr 2016 14:20:23 +0200
Subject: Update docs from Wiki
---
doc/Server-security.html | 166 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 166 insertions(+)
create mode 100644 doc/Server-security.html
(limited to 'doc/Server-security.html')
diff --git a/doc/Server-security.html b/doc/Server-security.html
new file mode 100644
index 00000000..97f93780
--- /dev/null
+++ b/doc/Server-security.html
@@ -0,0 +1,166 @@
+ + + + + + + Shaarli – Server security + + + + + + +
+ +
+

Server security

+

php.ini

+

PHP settings are defined in:

+ +

Locate .ini files

+

Console environment

+
$ php --ini
+Configuration File (php.ini) Path: /etc/php
+Loaded Configuration File:         /etc/php/php.ini
+Scan for additional .ini files in: /etc/php/conf.d
+Additional .ini files parsed:      /etc/php/conf.d/xdebug.ini
+

Server environment

+ +

fail2ban

+

fail2ban is an intrusion prevention framework that reads server (Apache, SSH, etc.) and uses iptables profiles to block brute-force attempts:

+ +

Read Shaarli logs to ban IPs

+

Example configuration:

+ +

/etc/fail2ban/jail.local

+
[shaarli-auth][](.html)
+enabled  = true
+port     = https,http
+filter   = shaarli-auth
+logpath  = /var/www/path/to/shaarli/data/log.txt
+maxretry = 3
+bantime = -1
+

/etc/fail2ban/filter.d/shaarli-auth.conf

+
[INCLUDES][](.html)
+before = common.conf
+[Definition][](.html)
+failregex = \s-\s<HOST>\s-\sLogin failed for user.*$
+ignoreregex = 
+ + -- cgit v1.2.3