Cpanel /home Permission Hardening
Mar 26, 2009
Since this got lost (google cache of thread discussion so far)
[url]
im reposting because i think it was an interesting discussion.
I'm setting up a cpanel server for the first time. I was wondering if i could harden the default cpanel permissions for the user folders in /home The idea is to prevent users viewing each others files. Please don't suggest the php open_basedir option as its not secure and doesn't work with cgi based file browsers.
Note I'm using suexec/suphp.
currently new cpanel users folders are created with
group and user ownership and the permissions 755
I was thinking if i changed this to 711 would this break anything?
Could i lock this down even more by changing the group ownership to "nobody" and thus have permissions 710.
View 3 Replies
ADVERTISEMENT
Oct 29, 2009
We have discussed all the basic methods of securing and hardening the server. Lets leave all the basic and general server securing and hardening I have started this to get advance knowledge in securing and hardening of the server so that it will usefull for all the person So i request all to provide all the vaulable tips and suggestions in advance securing and hardening of linux servers I welcome all the comments related to advance securing and hardening of linux servers.
View 5 Replies
View Related
Jul 20, 2008
Permission denied: /home/airtrade/etc/airtrade.com.tw/passwd passwd this is the error message obtained upon trying to create email accounts in cpanel.
the present permissions of the passwd file is 644 and ownership is username nobody i tried changing it to username.mail but still the same error
View 1 Replies
View Related
Nov 11, 2008
I have a problem with cpanel permision and joomla 1.5. In case, I install something likes templates from joomla backend, and then I try for modifying it from cpanel file manager, I got error that FileOp Failure on: "path to edit here" Permission denied
View 11 Replies
View Related
Feb 15, 2008
I'd like to give my username on my server permission to access g++ to compile custom C++ programs. I know I can just su - and compile as root, but I really don't like that.
What do I need to do to allow ONLY my username permission to do that?
View 4 Replies
View Related
Apr 16, 2009
So I did something terribly dumb early this AM...go me...and I had to reinstall. Yes, it was that bad. Kernel panics, a hoarked up bootloader, nothing in the execution path, etc. Let's just say that between the 2.6.18-128.el5 kernel (I've been reading that there are a lot of reports of file corruption after this update, something I saw as well...) and yum doing something it wasn't supposed to, I'm having to start over. Thank goodness for backups. Anyways, to my questions:
CentOS 5.3 64-bit, clean install, no CP yet. I'm trying to get the base OS clean, simple and hardened before I put DA on there again and restore my websites but I have a few questions since I'm a network dork and normally pay for people to do the extended server hardening for me.
/etc/passwd/ ....
View 1 Replies
View Related
Nov 8, 2008
Does any one know of any good articles/tutorials on how to harden PHP and Apache on a cPanel VPS?
View 6 Replies
View Related
Feb 6, 2008
I have a dedicated server, and want to make it safe...
I once had a HOWTO to do that with things as APF and such, but is there some howto out there that is recent?
View 3 Replies
View Related
Jan 12, 2008
I want to restrict ALL port 25 and port 26 email only to users who authenticate first.
I thought it came this way on Cpanel boxes, but yet there's a ton of crap being relayed through my box and getting me on tons of blacklists.
View 0 Replies
View Related
Sep 15, 2007
What a few things you would do to boost the security of your VPS? So far I have securing/restricting SSH access, installing chkrootkit and putting up a firewall. Any other things I should do?
Just noticed I put VPS Server Hardening, should be VPS Hardening
View 10 Replies
View Related
Oct 25, 2007
There are many people who sell server hardening for windows and linux and all the packages are pretty much the same. I don't want to give anyone outside access to my server no matter how much they claim to be good, fact is once it's out, it's out.
Is there an online resource with some sort of check list and links for a quality server hardening for windows and linux servers?
I.E. install this, install that, configure this?
Seems that do it yourself is worth the training and $100
View 5 Replies
View Related
Jul 22, 2007
Is there a guide or check list of settings to make on a new box that I can follow to lock it down?
View 1 Replies
View Related
Nov 14, 2008
What is the easiest way to get cpanel to install on a home server to play with it? Do they have some kind of unlimited trial that limits to private class IP range or something? Would be neat to mess around with. I'd run it in a VM in the 10.1.1.x range and afaik their licensing goes by IP so if they see that IP they obviously know its not being used for a real hosting company. (well you technically could nat I suppose...)
I also though of just ordering a cpanel dedicated server to mess around with but prefer to do it at home in a VM, and possibly at no cost. Anyway this can be done (legally)?
View 7 Replies
View Related
Mar 19, 2009
where I can find a guide or how-to to hardening Debian Lenny web server (a xen vps one)?
View 0 Replies
View Related
Nov 27, 2007
while the ELS script looks pretty sexy on paper, it appears that the hardening of the /tmp and /shm is fairly problematic on CentOS 5 systems. Apparently the entire process is mucking up /etc/fstab and yes, I know, I'm being 100% lazy by using a script...so sue me.
Wanted to see if anyone had any success or complete disaster stories running ELS on a CentOS 5, preferrably 64-bit, system in the past few months and would be willing to share their experience. There's more than just the filesystem hardening in it and I'm looking for some of the other aspects but that seems to be the reoccuring nightmare scenario people are having.
For those wondering what ELS is, here's a good (and bad) discussion about it on the DirectAdmin forums. I'm sure there's others but this is where my search started.
[url]
View 2 Replies
View Related
Nov 23, 2007
1. I don't use nor will I EVER use cPanel (royal POS in my opinion). I might, however, have DirectAdmin installed (not sure yet)
2. CentOS 5, 64-bit edition
3. Apache 2.2 latest, MYSQL 5.1 latest, PHP 5.2 latest
I usually use appears to be super busy and just not able to get the job done. No slight on him, he has a busy work schedule. So I'm looking to go outside of my comfort zone and see other companies to use. I don't think I can use Platinum as I outright refuse to even discuss cPanel as an option. If I want an underperforming, unsecure and incompatible web and database server, I'll run Windows.
So I'm looking for the usual end-to-end hardening package. I'm too lazy to do it myself and I'll forget to do something. Any recommendations out there in WHT land?
View 3 Replies
View Related
Apr 23, 2007
Is there a way to automate the generation and FTP of home directory backups in Cpanel?
CPanel lets you create a full account backup and ftp's the result to another server but can only be done manually from what i understand. Is there a way to initiate the process automatically? maybe schedule it for once a week.
View 3 Replies
View Related
Dec 24, 2008
Other than anti-virus
View 8 Replies
View Related
Aug 15, 2008
We have a linux server running cPanel/WHM and using Exim for mail, we're also using SpamAssassin to label messages as spam. I have made a few modifications to settings and installed things like DomainKeys, but am wondering if I am doing enough.
My objectives are to:
1) Prevent mail users on the server from being inundated with spam, and/or be able to effectively manage any spam that does come through.
2) Ensure that messages that my mail users send out remains as highly deliverable as possible.
3) Make it difficult for third parties to exploit my mail server for their own spamming needs.
Are there any good tutorials out there on this stuff that should at least cover some of my bases? Where should I begin? The only thing preventing me from hiring out the work to someone else is that I'd like to learn how to do it myself.
View 3 Replies
View Related
