
Suggestions: EasyApache

Open Jamyn opened this issue 11 years ago • 3 comments

Just documenting suggestions submitted by others so we don't lose them.

  • ERROR: Tomcat is installed (current version is EOL, runs as shared user)
  • ERROR: Mono is installed (current version is EOL, runs as shared user?)
  • WARN: Mod_security not installed (warning since the hosting provider may have a separate WAF)
  • ERROR: Any caching PHP extensions installed (allow various kinds of cache poisoning to take over other sites depending on the configuration.)
  • ERROR: PHP4 installed on the system (EOL, numerous CVEs)
  • ERROR: PHP 5.[012] installed on the system (EOL, numerous CVEs)
  • ERROR: PHP 5.3 or 5.4 installed on the system with any version other than the latest.

  • DONE - ERROR: Apache 1 installed (EOL, CVEs)
  • DONE - ERROR: Apache 2.0 installed (Near EOL, upstream support is spotty)

  • ERROR: Apache 2.2/2.4 is installed other than the latest version

Jamyn, May 17 '13 17:05

Apache Global options to be more PCI ready

Check for any mod_sec rules (anything at all; just make sure it's not empty)

Recommend Apache 2.2/2.4

Jamyn, May 17 '13 18:05

Note: mod_security is not compatible with mod_ruid2, so don't warn if mod_ruid2 is active

bdraco, May 17 '13 20:05

Re: mod_security and mod_ruid2 incompatibility - we should hold off on any changes until internal case 75905 is resolved.

Jamyn, Aug 22 '13 15:08
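
The mod_security checks suggested in this thread (warn when it is missing, stay silent when mod_ruid2 is active, flag a rule set that is empty), written as an added Python example; it is not code from the addon or from any commenter. Assumptions: the module names are those printed by `httpd -M` for mod_security2 and mod_ruid2, an empty rule set is reported at WARN level (the thread gives no level), and all function names and sample inputs are constructed for illustration.

```python
import re

# Assumed module identifiers as printed by `httpd -M`.
MODSEC = "security2_module"
RUID2 = "ruid2_module"

# Only directives that define a rule count; SecRuleEngine and friends do not.
# Commented-out lines never match because the directive must start the line.
RULE_DIRECTIVE = re.compile(r"^\s*(SecRule|SecAction|SecRuleScript)\s", re.IGNORECASE)

def loaded_modules(httpd_m_output):
    """Return the set of module names found in `httpd -M` style output."""
    return {m.group(1) for m in
            re.finditer(r"^\s*(\w+_module)\b", httpd_m_output, re.MULTILINE)}

def count_rules(conf_text):
    """Count rule-defining directives in a ModSecurity configuration."""
    return sum(1 for line in conf_text.splitlines() if RULE_DIRECTIVE.match(line))

def modsec_advice(httpd_m_output, conf_text):
    """Return (level, message) tuples for the mod_security checks."""
    mods = loaded_modules(httpd_m_output)
    if MODSEC not in mods:
        if RUID2 in mods:
            return []  # incompatible pair: do not warn, per the thread
        return [("WARN", "mod_security not installed")]
    if count_rules(conf_text) == 0:
        return [("WARN", "mod_security installed but no rules are defined")]
    return [("OK", "mod_security installed with rules")]

# Constructed sample inputs (not taken from a real server).
SAMPLE_RUID2_ONLY = "Loaded Modules:\n core_module (static)\n ruid2_module (shared)\n"
SAMPLE_MODSEC = "Loaded Modules:\n core_module (static)\n security2_module (shared)\n"
SAMPLE_EMPTY_CONF = '# SecRule ARGS "@rx test" "id:1,deny"\nSecRuleEngine On\n'
SAMPLE_RULES_CONF = ('SecRuleEngine On\n'
                     'SecRule REQUEST_HEADERS:User-Agent "@rx ^$" "id:1000,phase:1,deny"\n')

if __name__ == "__main__":
    for mods, conf in [(SAMPLE_RUID2_ONLY, ""), (SAMPLE_MODSEC, SAMPLE_EMPTY_CONF),
                       (SAMPLE_MODSEC, SAMPLE_RULES_CONF)]:
        print(modsec_advice(mods, conf))
```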