Mediawiki absichern

Aus Laub-Home.de Wiki
Zur Navigation springen Zur Suche springen

Hier eine kleine Anleitung wie man den Anonymous Benutzern, also den nicht eingeloggten Mediawiki Benutzern so gut es geht die Rechte im Wiki entzieht. Sie sollen wenn möglich nur Artikel Lesen dürfen. Requirements:

/etc/mediawiki/LocalSettings.conf

# E-Mail adress valididation
$wgEmailConfirmToEdit = true;

# Prevent new user registrations except by sysops
$wgWhitelistAccount = array ( "user" => 0, "sysop" => 1, "developer" => 1 );
$wgGroupPermissions['*']['createaccount'] = false;

# Disable anonymous editing and talk
$wgGroupPermissions['*']['edit'] = false;
$wgDisableAnonTalk = true;

# Anonymous users can't create pages
$wgGroupPermissions['*']['createpage'] = false;
$wgShowIPinHeader = false;

# Enable Lockdown Extension
require_once( "$IP/extensions/Lockdown/Lockdown.php" );
# Use Lockdown to lock Sites and Functions
$wgSpecialPageLockdown['Version'] = array('user', 'bureaucrat', 'sysop');
$wgSpecialPageLockdown['Export'] = array('user', 'bureaucrat', 'sysop');
$wgSpecialPageLockdown['Listfiles'] = array('user', 'bureaucrat', 'sysop');
$wgSpecialPageLockdown['Listusers'] = array('user', 'bureaucrat', 'sysop');
$wgSpecialPageLockdown['Statistics'] = array('user', 'bureaucrat', 'sysop');
$wgSpecialPageLockdown['Protectedpages'] = array('user', 'bureaucrat', 'sysop');
$wgSpecialPageLockdown['Version'] = array('sysop');
$wgSpecialPageLockdown['Booksources'] = array('user', 'bureaucrat', 'sysop');
$wgActionLockdown['history'] = array('user', 'bureaucrat', 'sysop');
$wgActionLockdown['edit'] = array('user', 'bureaucrat', 'sysop')

# Enable SimpleSecurity
$wgSecurityUseDBHook = true;
include_once("$IP/extensions/SimpleSecurity/SimpleSecurity.php");
$wgSecurityRenderInfo = true;
$wgSecurityAllowUnreadableLinks = false;
# Add new Security Group
$wgSecurityExtraGroups = array(
        'Security1' => 'Security Group'
        );