Fixing security vulnerabilities in Bugzilla and svnmanager

HTTPS configuration:

1 In httpd.conf, enable the include of the following conf file:

Include etc/opt/CollabNet_Subversion/conf/extra/httpd-vhosts.conf

2 Add the following configuration to extra/httpd-vhosts.conf:

<VirtualHost *:80>
 RewriteEngine On
 RewriteCond %{SERVER_PORT} !^443$
 RewriteRule ^(.*)?$ https://%{SERVER_NAME}$1 [L,R]
# RewriteBase /
# RewriteCond %{SERVER_PORT} 443
# RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
</VirtualHost>

At the same time, remove all other <VirtualHost *:80> configuration so that only one <VirtualHost *:80> block remains.

3 Enable the SSL configuration:

Include etc/opt/CollabNet_Subversion/conf/extra/httpd-ssl.conf



Fixed issue: data could be queried without logging in.

Change the attribute in data/params to: 'requirelogin' => '1',



Fix the phpinfo.php page information disclosure by renaming the file /opt/svnmanager-1.08/phpinfo.php to phpinfo_php



Fix the directory listing issue under directories such as https://bugzilla.lenovo.com/svnmanager/js/datepicker/css/.

Edit httpd_svnmanager.conf and comment out Options Indexes FollowSymLinks:

Alias /svnmanager/ "/opt/svnmanager-1.08/"

<Directory "/opt/svnmanager-1.08/">
   AllowOverride none
#   Options Indexes FollowSymLinks
   Order allow,deny
   Allow from all
</Directory>



Bugzilla integration with LDAP:

Edit the data/params configuration:

'LDAPBaseDN' => 'dc=lenovo,dc=com',
'LDAPbinddn' => 'uid=admin,ou=system:secret',
'LDAPfilter' => '',
'LDAPmailattribute' => 'mail',
'LDAPserver' => 'ldap://10.99.201.86:10389',
'LDAPstarttls' => 0,
'LDAPuidattribute' => 'uid',
'user_verify_class' => 'LDAP',


20160329 addendum:

To upgrade OpenSSL, Collabnet_Subversion itself must be upgraded, because OpenSSL is bundled into Collabnet_Subversion.


For the issue: HTTP TRACE / TRACK Methods Allowed

Edit httpd.conf and add:

TraceEnable off
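As an added example (not from the original post), a small Python checker that flags the two Apache misconfigurations this note corrects with directives: an uncommented Options Indexes inside a <Directory> block, and a TraceEnable that is missing or not set to off. The two config strings are constructed to mirror the snippets above; the function and variable names are this example's own.

```python
import re

# Constructed sample: the svnmanager <Directory> block before the fix
# (Indexes enabled) and no TraceEnable directive at all.
WEAK_CONF = """
Alias /svnmanager/ "/opt/svnmanager-1.08/"
<Directory "/opt/svnmanager-1.08/">
   AllowOverride none
   Options Indexes FollowSymLinks
   Order allow,deny
   Allow from all
</Directory>
"""

# Constructed sample: the same block after the fix, plus TraceEnable off.
HARDENED_CONF = """
TraceEnable off
Alias /svnmanager/ "/opt/svnmanager-1.08/"
<Directory "/opt/svnmanager-1.08/">
   AllowOverride none
#   Options Indexes FollowSymLinks
   Order allow,deny
   Allow from all
</Directory>
"""

def strip_comments(conf):
    """Drop blank and '#' lines so a commented-out Options line is not a finding."""
    return [ln.strip() for ln in conf.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]

def audit(conf):
    """Return finding strings: directory listing enabled, TRACE not disabled."""
    findings = []
    lines = strip_comments(conf)
    current_dir = None
    for ln in lines:
        m = re.match(r'<Directory\s+"?([^">]+)"?\s*>', ln, re.I)
        if m:
            current_dir = m.group(1)
            continue
        if ln.lower() == "</directory>":
            current_dir = None
            continue
        # "Options Indexes", "+Indexes" or "All" enable listing; "-Indexes" does not.
        if ln.lower().startswith("options") and re.search(r"(?<!-)\b(indexes|all)\b", ln, re.I):
            findings.append(f"directory listing enabled in <Directory {current_dir}>")
    trace = [ln for ln in lines if ln.lower().startswith("traceenable")]
    if not trace:
        findings.append("TraceEnable not set (Apache default is 'on': TRACE allowed)")
    elif not any(ln.split()[-1].lower() == "off" for ln in trace):
        findings.append("TraceEnable is not 'off'")
    return findings
```

Run audit() over the real httpd.conf and httpd_svnmanager.conf contents after editing them; an empty list means both fixes from this note are in place.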


For the issue:
