Implement AppArmor support for Apache
AppArmor provides much stronger security for web applications than what is currently available, especially since PHP open_basedir is both slow and known to be insecure.
With AppArmor you don't need such settings, and it is possible to allow PHP functions such as exec() and system() - but only allow access to certain binaries. This provides a more flexible system for our customers, and we have more fine-grained control over what they can and cannot access.
http://wiki.apparmor.net/index.php/Mod_apparmor_example
Additional AppArmor profiles for services that come with Plesk might be useful too, but securing Apache is the main thing.
M.H.
shared this idea
Thank you for your input!
Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG