kotnik
/
shaarli


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417
							<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  
  
  <link rel="shortcut icon" href="../img/favicon.ico">
  <title>Server security - Shaarli Documentation</title>
  <link href='https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel='stylesheet' type='text/css'>

  <link rel="stylesheet" href="../css/theme.css" type="text/css" />
  <link rel="stylesheet" href="../css/theme_extra.css" type="text/css" />
  <link rel="stylesheet" href="../css/highlight.css">
  <link href="../github-markdown.css" rel="stylesheet">
  
  <script>
    // Current page data
    var mkdocs_page_name = "Server security";
    var mkdocs_page_input_path = "Server-security.md";
    var mkdocs_page_url = "/Server-security/";
  </script>
  
  <script src="../js/jquery-2.1.1.min.js"></script>
  <script src="../js/modernizr-2.8.3.min.js"></script>
  <script type="text/javascript" src="../js/highlight.pack.js"></script> 
  
</head>

<body class="wy-body-for-nav" role="document">

  <div class="wy-grid-for-nav">

    
    <nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
      <div class="wy-side-nav-search">
        <a href=".." class="icon icon-home"> Shaarli Documentation</a>
        <div role="search">
  <form id ="rtd-search-form" class="wy-form" action="../search.html" method="get">
    <input type="text" name="q" placeholder="Search docs" />
  </form>
</div>
      </div>

      <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
	<ul class="current">
	  
          
            <li class="toctree-l1">
		
    <a class="" href="..">Home</a>
	    </li>
          
            <li class="toctree-l1">
		
    <span class="caption-text">Setup</span>
    <ul class="subnav">
                <li class="">
                    
    <a class="" href="../Download-and-Installation/">Download and Installation</a>
                </li>
                <li class="">
                    
    <a class="" href="../Upgrade-and-migration/">Upgrade and migration</a>
                </li>
                <li class="">
                    
    <a class="" href="../Server-requirements/">Server requirements</a>
                </li>
                <li class="">
                    
    <a class="" href="../Server-configuration/">Server configuration</a>
                </li>
                <li class=" current">
                    
    <a class="current" href="./">Server security</a>
    <ul class="subnav">
            
    <li class="toctree-l3"><a href="#phpini">php.ini</a></li>
    
        <ul>
        
            <li><a class="toctree-l4" href="#locate-ini-files">Locate .ini files</a></li>
        
        </ul>
    

    <li class="toctree-l3"><a href="#fail2ban">fail2ban</a></li>
    
        <ul>
        
            <li><a class="toctree-l4" href="#read-shaarli-logs-to-ban-ips">Read Shaarli logs to ban IPs</a></li>
        
        </ul>
    

    <li class="toctree-l3"><a href="#robots-restricting-search-engines-and-web-crawler-traffic">Robots - Restricting search engines and web crawler traffic</a></li>
    

    </ul>
                </li>
                <li class="">
                    
    <a class="" href="../Shaarli-configuration/">Shaarli configuration</a>
                </li>
                <li class="">
                    
    <a class="" href="../Plugins/">Plugins</a>
                </li>
    </ul>
	    </li>
          
            <li class="toctree-l1">
		
    <span class="caption-text">Docker</span>
    <ul class="subnav">
                <li class="">
                    
    <a class="" href="../docker/docker-101/">Docker 101</a>
                </li>
                <li class="">
                    
    <a class="" href="../docker/shaarli-images/">Shaarli images</a>
                </li>
                <li class="">
                    
    <a class="" href="../docker/reverse-proxy-configuration/">Reverse proxy configuration</a>
                </li>
                <li class="">
                    
    <a class="" href="../docker/resources/">Docker resources</a>
                </li>
    </ul>
	    </li>
          
            <li class="toctree-l1">
		
    <span class="caption-text">Usage</span>
    <ul class="subnav">
                <li class="">
                    
    <a class="" href="../Features/">Features</a>
                </li>
                <li class="">
                    
    <a class="" href="../Bookmarklet/">Bookmarklet</a>
                </li>
                <li class="">
                    
    <a class="" href="../Browsing-and-searching/">Browsing and searching</a>
                </li>
                <li class="">
                    
    <a class="" href="../Firefox-share/">Firefox share</a>
                </li>
                <li class="">
                    
    <a class="" href="../RSS-feeds/">RSS feeds</a>
                </li>
                <li class="">
                    
    <a class="" href="../REST-API/">REST API</a>
                </li>
    </ul>
	    </li>
          
            <li class="toctree-l1">
		
    <span class="caption-text">How To</span>
    <ul class="subnav">
                <li class="">
                    
    <a class="" href="../Backup,-restore,-import-and-export/">Backup, restore, import and export</a>
                </li>
                <li class="">
                    
    <a class="" href="../Various-hacks/">Various hacks</a>
                </li>
    </ul>
	    </li>
          
            <li class="toctree-l1">
		
    <a class="" href="../Troubleshooting/">Troubleshooting</a>
	    </li>
          
            <li class="toctree-l1">
		
    <span class="caption-text">Development</span>
    <ul class="subnav">
                <li class="">
                    
    <a class="" href="../Development-guidelines/">Development guidelines</a>
                </li>
                <li class="">
                    
    <a class="" href="../Continuous-integration-tools/">Continuous integration tools</a>
                </li>
                <li class="">
                    
    <a class="" href="../GnuPG-signature/">GnuPG signature</a>
                </li>
                <li class="">
                    
    <a class="" href="../Coding-guidelines/">Coding guidelines</a>
                </li>
                <li class="">
                    
    <a class="" href="../Directory-structure/">Directory structure</a>
                </li>
                <li class="">
                    
    <a class="" href="../3rd-party-libraries/">3rd party libraries</a>
                </li>
                <li class="">
                    
    <a class="" href="../Plugin-System/">Plugin System</a>
                </li>
                <li class="">
                    
    <a class="" href="../Release-Shaarli/">Release Shaarli</a>
                </li>
                <li class="">
                    
    <a class="" href="../Versioning-and-Branches/">Versioning and Branches</a>
                </li>
                <li class="">
                    
    <a class="" href="../Security/">Security</a>
                </li>
                <li class="">
                    
    <a class="" href="../Static-analysis/">Static analysis</a>
                </li>
                <li class="">
                    
    <a class="" href="../Theming/">Theming</a>
                </li>
                <li class="">
                    
    <a class="" href="../Unit-tests/">Unit tests</a>
                </li>
    </ul>
	    </li>
          
            <li class="toctree-l1">
		
    <span class="caption-text">About</span>
    <ul class="subnav">
                <li class="">
                    
    <a class="" href="../FAQ/">FAQ</a>
                </li>
                <li class="">
                    
    <a class="" href="../Community-&-Related-software/">Community & Related software</a>
                </li>
    </ul>
	    </li>
          
        </ul>
      </div>
      &nbsp;
    </nav>

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">

      
      <nav class="wy-nav-top" role="navigation" aria-label="top navigation">
        <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
        <a href="..">Shaarli Documentation</a>
      </nav>

      
      <div class="wy-nav-content">
        <div class="rst-content">
          <div role="navigation" aria-label="breadcrumbs navigation">
  <ul class="wy-breadcrumbs">
    <li><a href="..">Docs</a> &raquo;</li>
    
      
        
          <li>Setup &raquo;</li>
        
      
    
    <li>Server security</li>
    <li class="wy-breadcrumbs-aside">
      
        <a href="https://github.com/shaarli/Shaarli/edit/master/docs/Server-security.md"
          class="icon icon-github"> Edit on GitHub</a>
      
    </li>
  </ul>
  <hr/>
</div>
          <div role="main">
            <div class="section">
              
                <h2 id="phpini">php.ini</h2>
<p>PHP settings are defined in:
- a main configuration file, usually found under <code>/etc/php5/php.ini</code>; some distributions provide different configuration environments, e.g.
    - <code>/etc/php5/php.ini</code> - used when running console scripts
    - <code>/etc/php5/apache2/php.ini</code> - used when a client requests PHP resources from Apache
    - <code>/etc/php5/php-fpm.conf</code> - used when PHP requests are proxied to PHP-FPM
- additional configuration files/entries, depending on the installed/enabled extensions:
    - <code>/etc/php/conf.d/xdebug.ini</code></p>
<h3 id="locate-ini-files">Locate .ini files</h3>
<h4 id="console-environment">Console environment</h4>
<pre><code class="bash">$ php --ini
Configuration File (php.ini) Path: /etc/php
Loaded Configuration File:         /etc/php/php.ini
Scan for additional .ini files in: /etc/php/conf.d
Additional .ini files parsed:      /etc/php/conf.d/xdebug.ini
</code></pre>

<h4 id="server-environment">Server environment</h4>
<ul>
<li>create a <code>phpinfo.php</code> script located in a path supported by the web server, e.g.<ul>
<li>Apache (with user dirs enabled): <code>/home/myself/public_html/phpinfo.php</code></li>
<li><code>/var/www/test/phpinfo.php</code></li>
</ul>
</li>
<li>make sure the script is readable by the web server user/group (usually, <code>www</code>, <code>www-data</code> or <code>httpd</code>)</li>
<li>access the script from a web browser</li>
<li>look at the <em>Loaded Configuration File</em> and <em>Scan this dir for additional .ini files</em> entries</li>
</ul>
<pre><code class="php">&lt;?php phpinfo(); ?&gt;
</code></pre>

<h2 id="fail2ban">fail2ban</h2>
<p><code>fail2ban</code> is an intrusion prevention framework that reads server (Apache, SSH, etc.) and uses <code>iptables</code> profiles to block brute-force attempts:
- <a href="http://www.fail2ban.org/wiki/index.php/Main_Page">Official website</a>
- <a href="https://github.com/fail2ban/fail2ban">Source code</a></p>
<h3 id="read-shaarli-logs-to-ban-ips">Read Shaarli logs to ban IPs</h3>
<p>Example configuration:
- allow 3 login attempts per IP address
- after 3 failures, permanently ban the corresponding IP adddress</p>
<p><code>/etc/fail2ban/jail.local</code></p>
<pre><code class="ini">[shaarli-auth]
enabled  = true
port     = https,http
filter   = shaarli-auth
logpath  = /var/www/path/to/shaarli/data/log.txt
maxretry = 3
bantime = -1
</code></pre>

<p><code>/etc/fail2ban/filter.d/shaarli-auth.conf</code></p>
<pre><code class="ini">[INCLUDES]
before = common.conf
[Definition]
failregex = \s-\s&lt;HOST&gt;\s-\sLogin failed for user.*$
ignoreregex = 
</code></pre>

<h2 id="robots-restricting-search-engines-and-web-crawler-traffic">Robots - Restricting search engines and web crawler traffic</h2>
<p>Creating a <code>robots.txt</code> with the following contents at the root of your Shaarli installation will prevent <em>honest</em> web crawlers from indexing each and every link and Daily page from a Shaarli instance, thus getting rid of a certain amount of unsollicited network traffic.</p>
<pre><code>User-agent: *
Disallow: /
</code></pre>

<p>See:
- http://www.robotstxt.org/
- http://www.robotstxt.org/robotstxt.html
- http://www.robotstxt.org/meta.html</p>
              
            </div>
          </div>
          <footer>
  
    <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
      
        <a href="../Shaarli-configuration/" class="btn btn-neutral float-right" title="Shaarli configuration">Next <span class="icon icon-circle-arrow-right"></span></a>
      
      
        <a href="../Server-configuration/" class="btn btn-neutral" title="Server configuration"><span class="icon icon-circle-arrow-left"></span> Previous</a>
      
    </div>
  

  <hr/>

  <div role="contentinfo">
    <!-- Copyright etc -->
    
  </div>

  Built with <a href="http://www.mkdocs.org">MkDocs</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
	  
        </div>
      </div>

    </section>
    
  </div>

  <div class="rst-versions" role="note" style="cursor: pointer">
    <span class="rst-current-version" data-toggle="rst-current-version">
      
          <a href="https://github.com/shaarli/Shaarli" class="fa fa-github" style="float: left; color: #fcfcfc"> GitHub</a>
      
      
        <span><a href="../Server-configuration/" style="color: #fcfcfc;">&laquo; Previous</a></span>
      
      
        <span style="margin-left: 15px"><a href="../Shaarli-configuration/" style="color: #fcfcfc">Next &raquo;</a></span>
      
    </span>
</div>
    <script src="../js/theme.js"></script>

</body>
</html>