Protect iTop setup
Why
The setup wizard used during first install could be disabled to reduce attack surface. Two files are of particular concern:
* setup/index.php: of course
* setup/phpinfo.php: gives lots of information about the system
How
You shouldn't remove the whole setup/ directory as it contains files that are necessary for iTop.
Instead, you could block web access using a file appropriate to the web server you're using. Such files are already present in the data/ directory, for example:
* Apache httpd : https://github.com/Combodo/iTop/blob/develop/data/.htaccess
* Microsoft IIS : https://github.com/Combodo/iTop/blob/develop/data/web.config
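Once the deny file is in place, the result can be checked from outside the server. The script below is an added example, not part of iTop or of the original page: it requests the two files named above and reports whether each one is refused. The host name in the usage comment is a placeholder, and treating HTTP 401, 403 and 404 as "blocked" is an assumption about how the web server answers a denied request.

```python
import sys
import urllib.error
import urllib.request

# The two files the page singles out.
SETUP_PATHS = ("setup/index.php", "setup/phpinfo.php")
# Assumption: a deny rule answers with one of these statuses.
BLOCKED_STATUSES = {401, 403, 404}


def http_status(url, timeout=10):
    """Return the final HTTP status for url, or None if the server is unreachable."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 4xx/5xx responses arrive as exceptions
    except (urllib.error.URLError, OSError):
        return None


def audit_setup(base_url, fetch=http_status):
    """Map each setup path to (status, 'blocked' | 'not blocked' | 'unreachable')."""
    results = {}
    for path in SETUP_PATHS:
        status = fetch(base_url.rstrip("/") + "/" + path)
        if status is None:
            verdict = "unreachable"
        elif status in BLOCKED_STATUSES:
            verdict = "blocked"
        else:
            verdict = "not blocked"
        results[path] = (status, verdict)
    return results


def is_protected(results):
    """True only when every path was positively confirmed as blocked."""
    return all(verdict == "blocked" for _, verdict in results.values())


if __name__ == "__main__":
    # Usage (placeholder host): python check_itop_setup.py https://itop.example.test/
    report = audit_setup(sys.argv[1])
    for path, (status, verdict) in report.items():
        print(f"{path}: HTTP {status} -> {verdict}")
    sys.exit(0 if is_protected(report) else 1)
```

An unreachable server counts as a failure, so a network error is never mistaken for a working deny rule.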
iTop update
To ease iTop updates, you might want to automate the procedure. See Automated installation.
2_6_0/install/itop_setup_protection.txt · Last modified: 2020/02/05 11:42 (external edit)