Script to secure Geeklog installation


jcz

I have a few sites installed by Fantastico through cPanel which always sticks all of Geeklog's files into the web directory (which of course is insecure). I pieced together this script which I *think* secures Geeklog according to the guidelines in the docs. The settings work for my web host, but your mileage may vary.

I feel like the permission settings should be tighter, but I can't get anything else to run on my host. Comments and enhancements appreciated.


#!/bin/sh
# jcz 2007-may-18
# securegl.sh - helps secure Geeklog
# that has been installed completely
# into the webroot directory often public_html.
# Developed starting with Geeklog 1.4.1
###################################################

clear
echo ""
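echo " Changing to the HTML directory and copying the sensitive directories"
echo " to the directory above."
echo " ----------------------------------------------- "
# Stop if the webroot is not where we expect; otherwise the cp/mv commands
# below would run in whatever directory the script was started from.
cd /home/user/public_html || exit 1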
cp -Rv system ..
cp -Rv sql ..
cp -Rv plugins ..
cp -Rv logs ..
cp -Rv language ..
cp -Rv data ..
cp -Rv backups ..
cp config.php ..

echo ""
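# The renamed copies, and the archives made from them below, stay inside
# public_html (config.php.bak included) until they are deleted by hand.
echo "Changing the name of the sensitive directories to fake names "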
echo " ----------------------------------------------- "
mv -v system system_bak
mv -v sql sql_bak
mv -v plugins plugins_bak
mv -v logs logs_bak
mv -v language language_bak
mv -v data data_bak
mv -v backups backups_bak
mv -v config.php config.php.bak

echo ""
echo "Archiving the sensitive directories "
echo " ----------------------------------------------- "
tar czf system_bak.tar.gz system_bak
tar czf sql_bak.tar.gz sql_bak
tar czf plugins.tar.gz plugins_bak
tar czf logs.tar.gz logs_bak
tar czf language.tar.gz language_bak
tar czf data.tar.gz data_bak
tar czf backups.tar.gz backups_bak
tar czf config.php.tar.gz config.php.bak

echo ""
echo "Changing permissions on the directories in public_html "
echo " ----------------------------------------------- "
chmod -R 755 admin
chmod -R 755 calendar
chmod -R 755 docs
chmod -R 755 fckeditor
chmod -R 755 help
chmod -R 755 javascript
chmod -R 755 layout
chmod -R 755 links
chmod -R 755 polls
chmod -R 755 staticpages
chmod -R 775 backend
chmod -R 775 images/articles
chmod -R 775 images/topics
chmod -R 775 images/userphotos

echo ""
echo "Changing permissions on the directories above public_html "
echo " ----------------------------------------------- "
chmod -R 775 ../logs
chmod -R 775 ../data
chmod -R 775 ../backups

echo ""
echo "Things to change in config and lib files "
echo " ----------------------------------------------- "
echo ""
# \$ keeps the shell from expanding $_CONF as an (empty) variable.
echo "edit lib-common.php. Change \$_CONF['path_html'] to the full path to public_html "
echo "edit config.php. Change \$_CONF['path'] to the directory where config.php now sits "
echo "edit config.php. Change \$_CONF['path_html'] to the full path of the public_html directory"
echo ""
echo ""
echo "Then check http://yoursite.org/admin/sectest.php for the security test"
echo ""

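A check to run after the script above, as an added example that is not part of jcz's post or of Geeklog: it reports private items, renamed copies and archives that are still inside public_html (the script leaves its `_bak` copies and `.tar.gz` archives there) and copies that are missing from the directory above. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not jcz's code. The names below are the ones his script moves.
GL_PRIVATE="system sql plugins logs language data backups config.php"

# audit_webroot DIR: print one finding per line, return 0 only if there are none.
audit_webroot() {
    webroot=$1
    findings=0
    [ -d "$webroot" ] || { echo "ERROR: $webroot is not a directory" >&2; return 2; }
    for name in $GL_PRIVATE; do
        # The item itself, or a renamed copy/archive of it (system_bak,
        # plugins.tar.gz, config.php.bak, ...), is still inside the webroot.
        for path in "$webroot/$name" "$webroot/$name"[._]*; do
            [ -e "$path" ] || continue
            echo "EXPOSED: $path"
            findings=$((findings + 1))
        done
        # The copy above the webroot must exist, or the site loses the item.
        if [ ! -e "$webroot/../$name" ]; then
            echo "MISSING: $webroot/../$name"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# make_sample: constructed tree mimicking the state after the script has run
# (with one failed copy); prints the path of its webroot.
make_sample() {
    top=$(mktemp -d) || return 1
    mkdir -p "$top/public_html/admin" "$top/public_html/system_bak"
    for name in $GL_PRIVATE; do : > "$top/$name"; done
    rm "$top/sql"
    : > "$top/public_html/index.php"
    : > "$top/public_html/config.php.bak"
    : > "$top/public_html/plugins.tar.gz"
    echo "$top/public_html"
}

if [ $# -gt 0 ]; then
    audit_webroot "$1"
else
    demo=$(make_sample)
    audit_webroot "$demo" || echo "findings above are from the constructed sample"
    rm -rf "${demo%/public_html}"
fi
```

Run it with the webroot as its argument, for example `sh auditgl.sh /home/user/public_html` (the file name is hypothetical); a non-zero exit status means at least one finding was printed.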

jmucchiello

What is the purpose of the archiving? And why cp then rm the files when you can mv them?

Personally, you just should never use the Fantastico installer. Do it yourself. You'll learn some things about Geeklog in the process and you won't have the false sense that it is "properly" installed that Fantastico gives noobs.
