sudo chown -R MYUSER:www-data *
sudo find . -type d -exec chmod 755 {} \;
sudo find . -type f -exec chmod 640 {} \;
sudo find sites/default/files/config* -type f -exec chmod 664 {} \;
reddyweb
/ drupal-8-security-permissions.md
Created
November 26, 2018 10:12
— forked from davebeach/drupal-8-security-permissions.md
Drupal 8.0 Security Settings
reddyweb
/ .gitignore
Created
November 26, 2018 08:57
Ignore directories and files from git. Useful for Drupal 8.x projects which created by Composer.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ignore directories generated by Composer | |
| /drush/contrib/ | |
| /vendor/* | |
| # Ignore sensitive information | |
| /web/sites/*/settings*.php | |
| /web/sites/*/services*.yml | |
| # Ignore Drupal's file directory | |
| /web/sites/*/files/ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # prevent site fingerprinting via release related files | |
| <FilesMatch "(^API|CHANGELOG|COPYRIGHT|INSTALL|LICENSE|PATCHES|MAINTAINERS|README|TODO|UPGRADE|UPDATE|update|install|authorize).*\.(md|txt|php)$"> | |
| Order deny,allow | |
| Deny from all | |
| </FilesMatch> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Based on https://www.drupal.org/node/244924 | |
| # Disable PHP insecure functions | |
| disable_sys_funcs() { | |
| printf "\nDisabling PHP Dangerous/Insecure Functions ...\n" | |
| funcs_to_disable="apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode" | |
| PHP_ini=$(find /etc/ -name php.ini 2>&1 | grep apache) |
reddyweb
/ install_lamp_16.sh
Created
July 30, 2018 12:03
— forked from ankurk91/install_lamp_ubuntu.sh
Ubuntu 16.04 - PHP development (php 7.1, MySQL 5.7, apache 2.4)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -euo pipefail | |
| IFS=$'\n\t' | |
| # Ubuntu 16.04 Dev Server | |
| # Run like - bash install_lamp.sh | |
| # Script should auto terminate on errors | |
| echo -e "\e[96m Adding PPA \e[39m" | |
| sudo add-apt-repository -y ppa:ondrej/apache2 |
NewerOlder