Created
February 22, 2020 15:07
froxlor webapp hardening
#!/bin/bash -e
#
# This script is intended for use with froxlor to automatically
# set the correct user & group rights for froxlor customers.
# Each function (except cleanup) contains specific chmods for
# the desired webapp.
#
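# froxlor customer who owns the webspace
# NOTE(review): USER is usually already exported by the login environment;
# assigning it here also changes it for every child process of this script.
USER=froxlorcustomer1
GROUP=froxlorcustomer1 # it's expected that nginx' user is member of the group

# List of files and directories which aren't needed in production.
# VCS metadata, dependency manifests and example env files tell a visitor
# which versions are deployed, so they are removed from the webroot.
# Each name is listed once ('README.md' used to appear twice).
FILES_TO_DELETE=(
  # version control / CI metadata
  '.git' '.gitignore' '.gitattributes' '.github'
  # dependency manifests, lock files and build tooling
  'yarn.lock' 'composer.json' 'composer.lock' 'composer.phar'
  'Gemfile' 'Gemfile.lock' 'GNUmakefile' 'Makefile'
  'package.json' 'package-lock.json'
  'webpack.config.js' 'postcss.config.js'
  # test / lint / i18n configuration
  'phpunit.xml.dist' 'phpunit.xml' 'phpcs.xml' 'crowdin.yml'
  'browserconfig.xml'
  # example environment files
  '.env.example' '.env.example.complete'
  # project documentation
  'CHANGELOG.md' 'README.md' 'readme.md' 'CREDITS.md' 'COPYING.md'
  'RELEASE_PROCESS.md' 'LICENSE.md' 'LICENSE' 'SECURITY.md'
)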
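#######################################
# Remove development and VCS leftovers from a webapp directory.
# Globals:   FILES_TO_DELETE (read)
# Arguments: $1 - webapp root directory
# Outputs:   an error message when the directory is missing
# Returns:   1 if $1 is empty or not a directory, 0 otherwise
#######################################
function cleanup() {
  local dir="${1:-}"
  local name

  # Every caller passes the webapp root. The names must be resolved against
  # that directory: a bare "rm -rf .git" acts on whatever directory the
  # script was started from, which is dangerous when run as root.
  if [[ -z "${dir}" || ! -d "${dir}" ]]; then
    echo "[cleanup] provided directory doesn't exist"
    return 1
  fi

  for name in "${FILES_TO_DELETE[@]}"; do
    # ${dir:?} aborts instead of expanding to "/<name>" should dir be empty;
    # "--" stops option parsing for directories whose name starts with "-".
    rm -rf -- "${dir:?}/${name}"
  done
}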
#
# https://wallabag.org/en
#
#######################################
# Apply ownership and permissions to a wallabag installation.
# Globals:   USER, GROUP (read)
# Arguments: $1 - wallabag root directory
# Outputs:   an error message when the directory is missing
# Returns:   0 on success; exits the whole script with 1 if $1 is
#            not a directory
#######################################
function wallabag () {
  local webroot="${1}"

  # Guard clause: nothing below may run against a path that is not a directory.
  [[ -d "${webroot}" ]] || {
    echo "[wallabag] provided directory doesn't exists" && exit 1
  }

  cleanup "${webroot}"

  # Hand the tree to the customer, then apply 510 to everything below it.
  chown "${USER}:${GROUP}" -R "${webroot}"
  chmod 510 -R "${webroot}"

  # var/ is the only subtree reopened for owner writes (700).
  chmod 700 -R "${webroot}/var"

  return 0
}
#
# https://privatebin.info/
#
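#######################################
# Apply ownership and permissions to a PrivateBin installation.
# Globals:   USER, GROUP (read)
# Arguments: $1 - PrivateBin root directory
# Outputs:   an error message when the directory is missing
# Returns:   0 on success; exits the whole script with 1 if $1 is
#            not a directory
#######################################
function privatebin () {
  # The test was inverted: it aborted for every directory that exists and
  # let a missing path fall through to chown/chmod. Reject non-directories.
  if [[ ! -d "${1}" ]]; then
    echo "[privatebin] provided directory doesn't exists" && exit 1
  fi

  cleanup "${1}"

  # Owner and group get read/execute on the whole tree, others get nothing.
  chown "${USER}:${GROUP}" -R "${1}"
  chmod 550 -R "${1}"

  # data/ is the only subtree reopened for owner writes (700).
  chmod 700 -R "${1}"/data

  return 0
}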
#
# https://github.com/shaarli/Shaarli
#
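#######################################
# Apply ownership and permissions to a Shaarli installation.
# Globals:   USER, GROUP (read)
# Arguments: $1 - Shaarli root directory
# Outputs:   an error message when the directory is missing
# Returns:   0 on success; exits the whole script with 1 if $1 is
#            not a directory
#######################################
function shaarli () {
  # The test was inverted: it aborted for every directory that exists and
  # let a missing path fall through to chown/chmod. Reject non-directories.
  if [[ ! -d "${1}" ]]; then
    echo "[shaarli] provided directory doesn't exists" && exit 1
  fi

  cleanup "${1}"

  # Owner read/execute, group execute only, others nothing.
  chown "${USER}:${GROUP}" -R "${1}"
  chmod 510 -R "${1}"

  # data/ is reopened for owner writes (700).
  chmod 700 -R "${1}"/data/

  # NOTE(review): 600 applied with -R also removes the search (x) bit from
  # cache/ itself and from any directory below it, so a non-root owner can
  # no longer open files inside. Confirm that this is intended.
  chmod 600 -R "${1}"/cache/

  return 0
}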
#
# https://www.bookstackapp.com/
#
#######################################
# Apply ownership and permissions to a BookStack installation.
# Globals:   USER, GROUP (read)
# Arguments: $1 - BookStack root directory
# Outputs:   an error message when the directory is missing
# Returns:   0 on success; exits the whole script with 1 if $1 is
#            not a directory
#######################################
function bookstack () {
  local webroot="${1}"

  # Guard clause: nothing below may run against a path that is not a directory.
  [[ -d "${webroot}" ]] || {
    echo "[bookstack] provided directory doesn't exists" && exit 1
  }

  cleanup "${webroot}"

  # Owner and group get read/execute on the whole tree, others get nothing.
  chown "${USER}:${GROUP}" -R "${webroot}"
  chmod 550 -R "${webroot}"

  # storage/ is owner-only (700); public/uploads/ stays group-readable (750).
  chmod 700 -R "${webroot}/storage/"
  chmod 750 -R "${webroot}/public/uploads/"

  return 0
}