Main

INFORMATION PROVIDED BY THIS SCRIPT NEEDS TO BE READ IN CONTEXT OF OUR WHOLE SECURITY SCHEMA
We are in project with root: /var/www/publichealthregister.org.uk

SQL examples to search for APACHE writable folders and files

SELECT DISTINCT folder, USER, `group`, perm FROM filemap WHERE folder LIKE '/var/www/publichealthregister.org.uk/%' AND isdir=1 AND (USER='www-data' OR `group`='www-data' OR CONV2(perm) & 2 >0)
SELECT folder || fn AS fn, perm, USER, `group` FROM filemap a WHERE folder LIKE '/var/www/publichealthregister.org.uk/%' AND isdir=0 AND ( ((USER='www-data' OR `group`='www-data') AND NOT EXISTS(SELECT * FROM filemap WHERE filemap.folder=a.folder AND isdir=1 AND `group`="www-data")) OR CONV2(perm) & 2 >0 )

These folders support file upload from the web in an acceptable way, but are not configured in /var/www/publichealthregister.org.uk/etc/security.conf (check it)

SELECT isdir, folder, perm, user, `group` FROM filemap WHERE folder LIKE '/var/www/publichealthregister.org.uk/%' AND isdir=1 and `group`='www-data' and user in ('xtdev', 'www-data') and perm=775
Folder | Permissions | User | Group

These folders support file upload from the web in the wrong way (error)

SELECT folder, perm, user, `group` FROM filemap WHERE folder LIKE '/var/www/publichealthregister.org.uk/%' AND isdir=1 and ( (`group`='www-data' and CONV2(perm) & 16 >0) or (user='www-data' and CONV2(perm) & 512 >0) or (CONV2(perm) & 2 >0) ) and not (`group`='www-data' and user in ('xtdev', 'www-data') and perm=775)
Folder | Permissions | User | Group

Folders containing PHP/script files should not be writable by Apache (error)

SELECT filemap.folder, perm, user, `group`, scripts FROM filemap INNER JOIN (SELECT folder, COUNT(*) AS scripts FROM filemap WHERE folder LIKE '/var/www/publichealthregister.org.uk/%' AND isdir=0 AND ext='php' GROUP BY folder) x ON x.folder=filemap.folder WHERE isdir=1 and not (user='xtdev' and user=`group` and perm=775) ORDER BY filemap.folder
Folder | Permissions | User | Group | Scripts

Folders and files with unapproved permission settings (error)

SELECT isdir, folder || fn as f, perm, user, `group` FROM filemap WHERE folder LIKE '/var/www/publichealthregister.org.uk/%' and (not ( (isdir=1 and user='xtdev' and `group` in ('xtdev', 'www-data') and perm=775) or (isdir=1 and user='www-data' and `group`='www-data' and perm=775) or (isdir=0 and user='xtdev' and `group` in ('xtdev', 'www-data') and perm=664) or (isdir=0 and user='www-data' and `group`='www-data' and perm=664) ) OR (isdir=0 and ext in ("php", "inc") and (`group`='www-data' or user='www-data' or CONV2(perm) & 2 >0)))
Directory | Folder/File | Permissions | User | Group
0 | /var/www/publichealthregister.org.uk/lst1QeRb3 | 600 | root | root

Folders should be protected by .htaccess against PHP/script execution (error)

SELECT filemap.folder, IFNULL(hasHt, 'missing') as hasHt FROM filemap LEFT JOIN (SELECT folder, 1 AS hasHt FROM filemap WHERE fn='.htaccess') ht ON ht.folder=filemap.folder WHERE filemap.folder LIKE '/var/www/publichealthregister.org.uk/%' AND isdir=1 AND (`group`="www-data" OR CONV2(perm) & 2 >0) ORDER BY filemap.folder
Folder | Has htaccess

Big Files

Use a query like: SELECT * FROM filemap WHERE folder LIKE '/var/www/publichealthregister.org.uk/%' AND isdir=0 AND size>1024*1024*5 ORDER BY size desc
SELECT CASE WHEN size>104857600 THEN '>100M' WHEN size>10485760 THEN '>10M' WHEN size>1048576 THEN '>1M' ELSE 'other' END AS sz, COUNT(*) AS c FROM filemap WHERE folder LIKE '/var/www/publichealthregister.org.uk/%' AND isdir=0 GROUP BY sz
Size | Count
other | 1765

# initialize top level folder /var/www/publichealthregister.org.uk
sudo chown -R xtdev "/var/www/publichealthregister.org.uk"
find "/var/www/publichealthregister.org.uk" -type f -exec chmod 0664 {} \;
find "/var/www/publichealthregister.org.uk" -type d -exec chmod 0775 {} \;
sudo chgrp -R xtdev "/var/www/publichealthregister.org.uk"

# apply section [apache_writable_dir]
sudo chgrp -R www-data "/var/www/publichealthregister.org.uk/www/files/"
sudo chgrp -R www-data "/var/www/publichealthregister.org.uk/www/tmp/"

# add block for PHP execution to .htaccess files in Apache writable folders
/usr/local/xtservers/bin/hardening/xtfolder_protectexec.sh "/var/www/publichealthregister.org.uk/www/files"
/usr/local/xtservers/bin/hardening/xtfolder_protectexec.sh "/var/www/publichealthregister.org.uk/www/tmp"

# this will stop prjsec.php from working in the virtual host root folder
###chmod 0771 /var/www/publichealthregister.org.uk

HDD Info

HDD free 76.06 GB of 99.95 GB
.done.