Security & setup warnings - Installatron installation


#1

Hello!

I am renting an "out-of-the-box" shared hosting solution and installed ownCloud via Installatron.

I keep receiving the following security warnings:
Transactional file locking should be configured to use memory-based locking, not the default slow database-based locking. See the documentation for more information.
/dev/urandom is not readable by PHP which is highly discouraged for security reasons. Further information can be found in our documentation.
The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.
No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our documentation.

Having read ownCloud's documentation, I am none the wiser since the documentation seems to presuppose control over the server via a shell. I am nothing more than a rookie and am left with the feeling that my ownCloud installation is unsafe and haven't got a clue how to secure the server.

Does anyone know how I can secure my server? Any help would be appreciated!


#2

Hi,

Those are security warnings that should be considered for optimal performance.

You are correct that the documentation assumes you have shell access.

Can you ask the support or the admins of your hoster to implement those?


#3

Thank you for your reply!

What are the actual security implications of not following up on those warnings? Are those nice to haves or am I leaving the installation wide open?

Can I store important documents on the server while the warnings have not been addressed?


#4

These are described in the documentation:

https://doc.owncloud.com/server/10.0/admin_manual/configuration/server/security_setup_warnings.html?highlight=warnings

Transactional File Locking prevents simultaneous file saving.


While redirecting all traffic to HTTPS is good, it may not completely prevent man-in-the-middle attacks. Thus administrators are encouraged to set the HTTP Strict Transport Security header, which instructs browsers to not allow any connection to the ownCloud instance using HTTP, and it attempts to prevent site visitors from bypassing invalid certificate warnings.


You can significantly improve ownCloud server performance by using memory caching. This is the process of storing frequently-requested objects in-memory for faster retrieval later. There are two types of memory caching available
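Editor's added example, not part of any post in this thread and not ownCloud code: a check of a response's `Strict-Transport-Security` header against the 15552000-second minimum from the warning, which needs no shell on the server because the headers can be copied from the browser's network tab. The function names `parse_hsts` and `check_hsts` are hypothetical and the sample headers are constructed.

```python
import re

MIN_MAX_AGE = 15552000  # minimum quoted in the ownCloud warning (180 days)

def parse_hsts(value):
    """Parse one Strict-Transport-Security value into a dict of directives.
    Returns None when a directive repeats (RFC 6797 allows each only once)."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives such as a trailing ';' are allowed
        name, _, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # quoted-string form, e.g. max-age="15552000"
        if name in directives:
            return None
        directives[name] = val
    return directives

def check_hsts(headers):
    """headers: list of (name, value) pairs from an HTTPS response. Returns (ok, reason)."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return False, "header missing"
    # Browsers process only the first STS header field in a response.
    directives = parse_hsts(values[0])
    if directives is None:
        return False, "malformed header"
    max_age = directives.get("max-age", "")
    if not re.fullmatch(r"[0-9]+", max_age):
        return False, "max-age missing or not a number"
    if int(max_age) < MIN_MAX_AGE:
        return False, f"max-age {max_age} is below {MIN_MAX_AGE}"
    return True, "ok"

# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "no header": [("Content-Type", "text/html")],
    "too short": [("Strict-Transport-Security", "max-age=3600")],
    "good": [("strict-transport-security", 'max-age="15552000"; includeSubDomains')],
    "duplicate": [("Strict-Transport-Security", "max-age=31536000; max-age=0")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, check_hsts(hdrs))
```

Running the same check again after the hoster changes the configuration shows whether the warning should clear.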