Problem is new to LAMP, and want to test the system config in any automated checklist way.
Any suggestions?
Asked
Active
Viewed 392 times
2 Answers
3
Bastille Linux comes to mind.
It's not LAMP specific as such, but is probably a good place to start.
LukeR
- 3,126
- 2
- 30
- 25
2
There's another PHP config security audit tool which you might find useful (and I'd appreciate any suggestions you might have for it :)
danlefree
- 2,923
- 1
- 19
- 20
-
**@danlefree:** Have a very limited knowledge of PHP, what does the code do? – blunders Oct 21 '10 at 17:24
-
@blunders - It tests to determine whether functions which an attacker would use are enabled (i.e. test whether remote file includes are enabled, test whether your PHP config allows a script to issue shell commands, etc) - the audit tool won't do anything malicious, but the idea is based upon a remote include file I've seen a would-be hacker try :) – danlefree Oct 21 '10 at 17:39
-
**@danlefree:** So, haven't found anyone else to look at the code, but did see one thing that puzzled me. get_current_user would not equal PHP's system rights, correct, nor would PHP ever be root. Am I missing something? – blunders Oct 21 '10 at 19:44
-
@blunders - It's *possible* to run PHP and Apache under the root account - figured it'd be worth warning about if encountered :) – danlefree Oct 21 '10 at 19:59
-
**@danlefree:** Ended up not using it, just to hard (for me) to tell what it's doing. Did post this question, though and it appear to be an ok script... :-) ...again, thanks! http://stackoverflow.com/questions/3987631/want-to-audit-my-php-security-will-this-php-harm-modifiy-etc-my-system-if-run – blunders Oct 22 '10 at 14:09