Addition/Protect.Configure.Files
From iRedMail
Revision as of 08:48, 25 July 2010 by ZhangHuangbin (Talk | contribs)
iRedMail-0.6.0 and earlier versions didn't set strict file permission on config files, even they contain username/passwords. Below's a quick fix, if you found that we missed some other files, please contact us.
Note:
- iRedAPD-1.3.3 is set to run as a low privilege user, if you didn't upgrade it, please reinstall it with iRedAPD install tutorial.
- iRedAdmin is set to run as a low privilege user, if you didn't apply this, please read this simple tutorial: Secure your exist iRedAdmin.
Steps:
- On RHEL/CentOS:
| Terminal: |
# chmod 0500 /etc/dovecot-ldap.conf /etc/dovecot-mysql.conf # Dovecot # chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf # Postfix # chmod 0640 /etc/amavisd.conf # Amavisd # chmod 0600 /etc/httpd/conf.d/awstats.conf # Awstats |
- On Debian/Ubuntu:
| Terminal: |
# chmod 0500 /etc/dovecot/dovecot-ldap.conf /etc/dovecot/dovecot-mysql.conf # Dovecot # chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf # Postfix # chmod 0640 /etc/amavis/conf.d/50-user # Amavisd # chmod 0600 /etc/apache2/conf.d/awstats.conf # Awstats |
- On FreeBSD:
| Terminal: |
# chmod 0500 /etc/dovecot-ldap.conf /etc/dovecot-mysql.conf # Dovecot # chmod 0640 /etc/postfix/ldap_*.cf /etc/postfix/mysql_*cf # Postfix # chmod 0640 /usr/local/etc/amavisd.conf # Amavisd # chmod 0600 /usr/local/etc/apache22/Includes/awstats.conf # Awstats |
