SiteSafe from Internet Connection
The SiteSafe utility provides Internet Connection's Unix/Linux hosting
customers with an excellent means of securing their websites and content.
SiteSafe allows you to lower the access rights of your account.
The reduced privileges apply to all scripts and pages on your site,
including CGIs and PHP pages. Once these reduced privileges are in place, the
files that make up your site can neither be modified nor deleted.
This can dramatically reduce the number of problems that may occur as a
result of buggy CGI and PHP applications.
SiteSafe also allows you to resume normal access rights at any time with a security token that is granted when SiteSafe is enabled, thus giving you the ability to make legitimate changes to your web site and applications.
Enabling SiteSafeSiteSafe must be enabled via the command line interface of your account. If you are unfamiliar with using the command line interface, please consult the IC Tech. Ref. Document Your Account's Command Line Interface. Once you have logged into your account you will be at your command prompt:
bash-2.04$From this prompt, enter the command "sitesafe" to see the current status of SiteSafe:
bash-2.04$ sitesafeTo enable SiteSafe, simply type "sitesafe on" and hit enter. You should then see lines similar to the following:
sitesafe is off
bash-2.04$ sitesafe onIt is VERY important that you save the alphanumeric key returned after turning sitesafe on, as you will need this key in order to turn sitesafe off.
run this command to disable sitesafe:
Configuring SiteSafeYou must specify those directories that your web applications will need to retain access to when SiteSafe is enabled. These are any directories containing files that your web applications write to. Consult the documentation for your web applications to determine what directories must be writable. Once you have determined which areas should remain writable, they may be specified in a file which must be named ".sitesaferc", and placed in the root directory of your account. For example, if you wanted to allow modifications in the "ftpshare" directory and in the "uploads" directory, your .sitesaferc file would look like this:
Disabling SiteSafeYou will need to disable SiteSafe to upload new files, change/delete existing files, or make any other changes to files and directories that are protected by it. Disabling SiteSafe must be done using your account's command line interface. Once you have logged into your account you may disable SiteSafe by typing "sitesafe" followed by the key you were given when you enabled SiteSafe, and hitting enter. For example:
bash-2.04$ sitesafe 57552077543e5cf8If you forgot or misplaced your SiteSafe key, please contact the Support department to have our support technicians disable SiteSafe for you.
sitesafe is off
SiteSafe ConflictsAs SiteSafe prevents modifications to your files, there are some tools that will not work properly with SiteSafe. These tools are listed below:
The spam and virus filter will not work properly with SiteSafe, thus SiteSafe cannot be enabled while one or more of your site's mailboxes are using the SVFilter. It will warn you should you try to enable it:
bash-2.04$ sitesafe onYou must first disable your email spam and virus filtering via the netConsole before enabling SiteSafe.
sitesafe is incompatible with the svfilter (presently)
- General SiteSafe netConsole Conflicts Most other netConsole features will not currently work with SiteSafe, as these features require the ability to create and/or modify files, which SiteSafe prevents.
SiteSafe Quick Reference
-Displays the current status of SiteSafe
-Enables SiteSafe and returns an alphanumeric key which must be used to disable SiteSafe
-Disables SiteSafe (where key is the alphanumeric key provided when SiteSafe is enabled)