Mediawiki/Hardening

From r00tedvw.com wiki
Jump to: navigation, search

Disable user self registration

Add the following to LocalSettings.php

# Prevent new user registrations except by sysops
$wgGroupPermissions['*']['createaccount'] = false;

Uploads Dir security

add to the bottom of your Virtual site config, before you close it:

<Directory /var/www/yoursite.com/wiki/images/>
              # Ignore .htaccess files
              AllowOverride None
              # Serve HTML as plaintext, don't execute SHTML
              AddType text/plain .html .htm .shtml .php
              # Don't run arbitrary PHP code.
              php_admin_flag engine off
               # If you've other scripting languages, disable them too.
</Directory>

remove security variables from LocalSettings.php

Its not a good idea to have the security variables within a file that lives in the document root. Should a problem happen, like php crashes, and php files can be downloaded or served in plain text, you've just had your security compromised.
Start by creating a folder and file that lives outside of the document root and its children. For example, if your document root is /var/www/ then you'll want to do something like this:

~$ sudo mkdir /var/security/
~$ sudo chown www-data:www-data /var/security
~$ sudo chmod 644 /var/security
~$ sudo vi /var/security/secure.php
~$ sudo chown www-data:www-data /var/security/secure.php
~$ sudo chmod 644 /var/security/secure.php

Now with the files created, modify LocalSettings.php and add:

#including separate file that contains the database password so that it is not stored within the document root.
require_once "/var/security/secure.php";

Finally, within the new file we've created outside of the document root, define your variables that Mediawiki still needs, such as:

<?php
#Mediawiki
#Database Settings
$wgDBpassword =
$wgDBserver =
$wgDBname =
$wgDBuser =

#Secretkey
$wgSecretKey =
Personal tools
Namespaces

Variants
Actions
Navigation
Mediawiki
Confluence
DevOps Tools
Ubuntu
Oracle Linux
AWS
Windows
OpenVPN
Grafana
Pivotal
osTicket
OTRS
phpBB
WordPress
VmWare ESXI 5.1
Crypto currencies
HTML
CSS
Python
Java Script
PHP
Raspberry Pi
Canvas LMS
Kaltura Media Server
MetaSploit
Zoneminder
Photoshop CS2
Fortinet
Uploaded
Certifications
General Info
Games
Meal Plans
NC Statutes
Toolbox