Linux Security Best Practices

I was wondering if there is a list of best practices somewhere for installations on Linux servers from the [U]security[/U] perspecive.

For example, I find letting 777 access to all out/ files and folders opens up the possibility of a attacker defacing the shop by manipulating tags in the oxid.css file.

Appreciate comments from the community.


Hi Ashant,

on most systems, the installation is pretty simple and the shop takes over setting the right permissions for the files. As nowadays we have more and more “restrictive” systems around, I wrote a little concept for a feature request for this:

Hope to get it implemented soon(ish)