Security Best Practices

Are there any security best practices for securing SuiteCRM? I’m using it for a very small organization, but I want to make sure the server and data are protected from baddies. I have looked around but cannot find anything describing how to ensure someone does not mess with the app or data or use it to get broader access to the server. I found a 5 year old post about fail2ban, but would appreciate something more recent, and certainly broader.

I am happy to pull together resources if you want to point me at individual nuggets.

TIA

Hi. I don’t know of any resources specific to SuiteCRM with a lot of advice. But you should be ok if you just follow generic PHP/Apache security advice.

I just recommend removing the “world” permissions altogether by setting the appropriate zeroes:


  sudo chown -R www-data:www-data .
  sudo chmod -R 750 .
  sudo chmod -R 770 cache custom modules themes data upload
  sudo chmod 770 config_override.php 2>/dev/null

NOTE that www-data needs to be replaced by the user name that your web server is running under.

This SugarCRM documentation might also help, although some things might not apply to SuiteCRM: https://support.sugarcrm.com/Documentation/Sugar_Developer/Sugar_Developer_Guide_7.9/Security/Web_Server_Configuration/index.html
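As an added example (not from this thread), the script below audits a SuiteCRM tree for any entry that still carries a "world" (other) permission bit and applies the mode scheme from the answer above. It assumes GNU find/stat on Linux, that the path given is the SuiteCRM root, and that the web-server user is passed as an optional second argument (ownership is only changed when one is given).

```shell
#!/bin/sh
# Added example, not SuiteCRM's or the thread author's code.
# Audits and hardens filesystem permissions on a SuiteCRM install.
set -eu

# Directories SuiteCRM writes to at runtime (list taken from the answer above).
WRITABLE_DIRS="cache custom modules themes data upload"

# Print every file or directory under $1 that grants any permission to "other".
# /007 = any of the world r/w/x bits set (GNU find syntax).
list_world_accessible() {
  find "$1" -perm /007 -print
}

# Number of world-accessible entries under $1; 0 means the tree is clean.
count_world_accessible() {
  list_world_accessible "$1" | wc -l | tr -d ' '
}

# Apply the scheme: 750 everywhere, 770 on runtime-writable dirs and
# config_override.php. $2 (optional) is the web-server user, e.g. www-data;
# ownership is changed only when it is given, since chown needs root.
harden_suitecrm() {
  root="$1"
  owner="${2:-}"
  if [ -n "$owner" ]; then
    chown -R "$owner:$owner" "$root"
  fi
  chmod -R 750 "$root"
  for d in $WRITABLE_DIRS; do
    if [ -d "$root/$d" ]; then
      chmod -R 770 "$root/$d"
    fi
  done
  if [ -f "$root/config_override.php" ]; then
    chmod 770 "$root/config_override.php"
  fi
}

# Usage: ./harden.sh /var/www/suitecrm [www-data]
if [ $# -ge 1 ]; then
  before=$(count_world_accessible "$1")
  harden_suitecrm "$1" "${2:-}"
  after=$(count_world_accessible "$1")
  echo "world-accessible entries: $before before, $after after"
fi
```

Running the audit function on its own before hardening is a quick way to see what a default install or a careless unzip left readable to every local account.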
