SLiMS Security

by Hendro Wicaksono

Purwoko ibn Sangadi

on 4 October 2012


Transcript of SLiMS Security

SLiMS Technical Aspects

Hendro Wicaksono, SLiMS Lead Developer
hendrowicaksono@yahoo.com/gmail.com
Twitter: @hendrowicaksono, Facebook: facebook.com/hendrowicaksono

Why & MySQL?
Better portability.

[Architecture diagram: a client on the Internet (HTTP protocol) sends requests to and receives responses from the Web Server, which performs create, read, update and delete on the data. http://slims.web.id]

Where SLiMS stores data
Bibliographic record covers, file attachments, cache (labels, barcodes, swf), member photos, backups (sql) and generated reports are stored in the filesystem.
Bibliographic, user and transaction data are stored in the MySQL database.

Daily update
Web: http://slims.web.id
Download the tarball package: http://slims.web.id/web/?q=node/1
Development page: https://github.com/slims
Latest stable version: SLiMS 3 stable 15 (Matoa)
https://github.com/slims/s3st15_matoa

SCM software
Source code management using Git (http://git-scm.com/)

User documentation
Documentation source code (daily updated, latex/lyx format):
http://slims.web.id/download/docs/s3-doc-id.pdf

Developer documentation
Developer: https://github.com/slims/s3-devdocs

SLiMS Hardening Tips (Hendro Wicaksono)

Choose the Right OS
Choose the right Operating System for your needs. Proven to run well on ...

Choose the web server with built-in security features

Apache Hardening

PHP Hardening
Suhosin!
sudo apt-get install php5-suhosin

MySQL Hardening

Separate database access (1)
Read-Only for OPAC
Full Access for Librarian Login

Separate database access (2)
Read-Only for OPAC:
GRANT SELECT ON senayandb.* TO opacuser@localhost IDENTIFIED BY 'password_rahasia';
GRANT UPDATE ON senayandb.member TO opacuser@localhost;

Full Access for Librarian Login:
GRANT ALL PRIVILEGES ON senayandb.* TO slimsadmin@localhost IDENTIFIED BY 'password_rahasia_juga';

FLUSH PRIVILEGES;

Separate database access (3)
Create 2 sysconfig files: sysconfig.inc.php and sysconfig-opac.inc.php.

Separate database access (4)
In sysconfig.inc.php:
define('DB_USERNAME', 'slimsadmin');
define('DB_PASSWORD', 'password_rahasia_juga');

In sysconfig-opac.inc.php:
define('DB_USERNAME', 'opacuser');
define('DB_PASSWORD', 'password_rahasia');

Separate database access (5)
Edit index.php:
require '../sysconfig.inc.php';
change to
require '../sysconfig-opac.inc.php';

Separate database access (6)
Since SLiMS version 3 stable 15 (Matoa), just copy sysconfig.local.inc.php to sysconfig.local.fa.inc.php and adjust the database connection setting for the admin user.

Security by obscurity (1)
Remove the link to Librarian Login in the OPAC.

Security by obscurity (2)
<li><a class="menu" href="index.php?p=login"><span><?php echo __('Librarian LOGIN'); ?></span></a></li>

Change to

<!-- <li><a class="menu" href="index.php?p=login"><span><?php echo __('Librarian LOGIN'); ?></span></a></li> -->

Or delete the line.

Access restriction based on IP address to Librarian Login

IP Restriction to LibLogin
Edit lib/contents/login.inc.php:
$allowed_liblogin_ip = array('');   // list the client IP addresses allowed to reach the librarian login
$remote_addr = $_SERVER['REMOTE_ADDR'];
$confirmation = 0;

foreach ($allowed_liblogin_ip as $ip) {
    if ($ip == $remote_addr) {
        $confirmation = 1;
    }
}

if (!$confirmation) {
    header ("location:index.php");
    exit;   // stop here, otherwise the rest of the login page is still sent
}

HTTP Secure Connection to Librarian Login

HTTPS Secure Connection (1)
Edit lib/contents/login.inc.php:
if ($_SERVER['SERVER_PORT'] != '443') {
    header ("location:index.php");
    exit;   // stop here, otherwise the rest of the login page is still sent
}

HTTPS Secure Connection (2)
Edit admin/index.php:
if ($_SERVER['SERVER_PORT'] != '443') {
    header ("location:../index.php");
    exit;   // stop here, otherwise the admin page is still sent
}

Separate Account for Staff
Do not use a shared account. Every staff member should log in with their own account.

Backup strategy (1)
Export an SQL dump periodically. On Linux, use cron.

Backup strategy (2)
Copy the SLiMS application folder periodically. On Linux, use cron.

Example backup script
#!/bin/sh

# clean the backup folder
rm -Rf /home/hendro/backup/*

# create the sql and app subfolders that hold the dump and the application copy
mkdir -p /home/hendro/backup/slims_backup/sql
mkdir -p /home/hendro/backup/slims_backup/app

# dump the sql data
# (a password on the command line is visible to other local users in the process
# list; keeping it in a mode-600 ~/.my.cnf avoids that)
/usr/bin/mysqldump -u root --lock-tables --password='mysqlrootpasswd' slimsdb > /home/hendro/backup/slims_backup/sql/slims.sql

# copy the app folder into slims_backup/app, the directory created above
cp -R /var/www/libsenayan /home/hendro/backup/slims_backup/app/

# archive the backup folder; the trailing "." names what to archive from the -C directory
tar -czf /home/hendro/backup/`date +%Y_%m_%d-%d_%B_%Y-%H_%M`.tar.gz -C /home/hendro/backup/slims_backup .

# copy the archive to the backup host (destination host not shown)
scp /home/hendro/backup/*.tar.gz hendro@ >/dev/null 2>&1
exit

Performance tuning
PHP accelerator / opcode cache:
xcache: sudo apt-get install php5-xcache
APC: sudo apt-get install php-apc

Implementation example (1): Kemdiknas RI Library
The Internet OPAC is not connected directly to the Production Server.
Access to the MySQL database is set to read-only (GRANT SELECT ON dbname.* TO username@localhost IDENTIFIED BY 'paswd').
Via cron, the database is restored periodically (every 15 minutes).
For OPAC access a separate SLiMS is installed, but it refers to the same database with an "almost read-only" database username.
To synchronise the 'images', files and repository folders between the production and OPAC applications, rsync via cron is used.
[Diagram: Internet / DMZ: Internet OPAC. Intranet / LAN: Production Server, Backup/File Server, Library Staff. Updated frequently via cron & ssh; backed up frequently via cron & ssh; request/response between the components.]

Implementation example (2): a government institution & a private company in the oil sector
Librarian & member login via LDAP for single sign-on support.
[Diagram: Internet / DMZ. Intranet / LAN: Production Server, MS Active Directory Server, Library Staff; request/response between the components.]

Discussion
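The IP allowlist and HTTPS checks for the librarian login, reworked as an added example (not SLiMS project code): it matches CIDR ranges instead of exact addresses, trusts only REMOTE_ADDR, stops execution after the redirect, and logs refusals. The allowlist values are constructed samples, and the assumption that this runs at the top of lib/contents/login.inc.php before any output is mine.

```php
<?php
// Added example, not SLiMS project code: a hardened form of the two checks
// the presentation adds to lib/contents/login.inc.php. Assumes it runs
// before any output is sent. The CIDR values are constructed samples.
$allowed_liblogin_cidrs = array('127.0.0.1/32', '192.168.10.0/24');

// Returns true when IPv4 address $ip lies inside $cidr ('a.b.c.d/n' or 'a.b.c.d').
function ip_in_cidr($ip, $cidr)
{
    $parts = explode('/', $cidr, 2);
    $bits = isset($parts[1]) ? (int) $parts[1] : 32;
    $ipLong = ip2long($ip);
    $netLong = ip2long($parts[0]);
    // Reject unparsable addresses and the catch-all /0 prefix.
    if ($ipLong === false || $netLong === false || $bits < 1 || $bits > 32) {
        return false;
    }
    $mask = -1 << (32 - $bits);          // $bits leading one-bits
    return ($ipLong & $mask) === ($netLong & $mask);
}

// 1. Require TLS. Apache/mod_ssl sets HTTPS; the port test from the slides is
//    kept as a fallback. Always exit after a redirect header, otherwise the
//    remainder of login.inc.php is still rendered to the client.
$isHttps = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
    || (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
if (!$isHttps) {
    header('Location: index.php', true, 302);
    exit;
}

// 2. Restrict librarian login to the allowlist. Only REMOTE_ADDR is trusted:
//    X-Forwarded-For is client-supplied unless a reverse proxy you control
//    rewrites it, so it must not decide access.
$remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$allowed = false;
foreach ($allowed_liblogin_cidrs as $cidr) {
    if (ip_in_cidr($remote_addr, $cidr)) {
        $allowed = true;
        break;
    }
}
if (!$allowed) {
    // Log refusals so repeated attempts from outside the LAN are visible in
    // the web server's error log.
    error_log('Librarian login refused for ' . $remote_addr);
    header('Location: index.php', true, 302);
    exit;
}
```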