Disabling Fopen("/etc/passwd","r");

Jul 18, 2007

I was looking at the c99.php source code to see how it gets the /etc/passwd file. It simply uses fopen() for this, but I think fopen() is needed and I don't want it to be disabled in disabled_functions. I wonder how I can disable just fopen("/etc/passwd","r"); without restricting the fopen function at all.

View 8 Replies



Unable Read /etc/passwd. /etc/passwd MUST Be World Readable Under UN*X Operating Sys

Feb 14, 2008

I ran one bad command :-(

chmod -R 644 /

and this command changed all the permissions on the root server.
Is there any way to fix all the permissions in CentOS?

Because all the sites give errors.

I use cPanel.

View 14 Replies View Related

Permission Denied: /home/airtrade/etc/airtrade.com.tw/passwd Passwd

Jul 20, 2008

Permission denied: /home/airtrade/etc/airtrade.com.tw/passwd passwd this is the error message obtained upon trying to create email accounts in cpanel.

The present permissions of the passwd file are 644 and the ownership is username nobody. I tried changing it to username.mail but still get the same error.

View 1 Replies View Related

Cant Use Fopen

Aug 2, 2009

I have a VPS, and have a problem with fopen (a PHP function).
When I turn on iptables, I can't use the fopen function.

Here are my iptables rules:

Code:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Allow returning packets
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow incoming traffic on ports 80 and 443 for web server
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
# Allow local traffic
-A INPUT -i lo -j ACCEPT

# Allow ping
-A INPUT -p icmp --icmp-type 8 -j ACCEPT

# Allow incoming SSH
-A INPUT -p tcp --dport 2200 -j ACCEPT
-A OUTPUT -d 72.233.69.3 -j ACCEPT
-A OUTPUT -d 72.233.69.2 -j ACCEPT
-A OUTPUT -d 66.135.58.62 -j ACCEPT
-A OUTPUT -d 66.135.58.61 -j ACCEPT
-A OUTPUT -d rest.akismet.com -j ACCEPT
-A OUTPUT -d api_key.rest.akismet.com -j ACCEPT
-A INPUT -s 127.0.0.1 -j ACCEPT

# Ban ip
-A INPUT -s 213.152.242.28 -j DROP

COMMIT
and my php code

Code:
<?php
$handle = fopen("http://www.google.com/", "r");
if (!$handle) {
print "fopen doesn't work";
} else {
print "fopen seems to work";
}
?>

View 4 Replies View Related

Fopen Permission Denied On New Server

Jul 26, 2009

I'm migrating from shared hosting to a VPS. I have transferred my files right over, and permissions are all the same as they were on the old server.

The fopen scripts are giving me an error when trying to write to files.

Code:
failed to open stream: Permission denied

The permissions on the file are 644 and it can read from the file just fine. Giving the file world write permissions fixes the problem, but I don't want to do this for obvious reasons.

I think the reason this worked on the shared server had something to do with the apache user being defined differently but I'm honestly not sure. The php file executing the command is owned by the user that owns the document I'm trying to write to (in fact one user owns everything).

How can I fix this without giving world write permissions?

View 24 Replies View Related

/etc/passwd

Mar 4, 2007

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
htt:x:100:101:IIIMF Htt:/usr/lib/im:/sbin/nologin
canna:x:39:39:Canna Service User:/var/lib/canna:/sbin/nologin
wnn:x:49:49:Wnn Input Server:/var/lib/wnn:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
mysql:x:101:102:MySQL server:/var/lib/mysql:/bin/bash
mailman:x:32001:32001::/usr/local/cpanel/3rdparty/mailman:/bin/bash
cpanel:x:32002:32003::/usr/local/cpanel:/bin/bash
johnny:x:32003:32004::/home/dorn:/usr/local/cpanel/bin/noshell
angel:x:32004:32005::/home/angeliq:/bin/false
clamav:x:32015:32017:Clam AntiVirus:/home/clamav:/bin/false

I heard it may pose a security risk for those unneeded users. Which lines can I remove?

View 1 Replies View Related

Passwd For SSH

Oct 21, 2007

I have been wondering today, when I tried to log in to my account @box by SSH 21.

The password has been changed, I think!

And when I look at the log files there is no strange IP!

And there is no email about changing the password in my mail!

I tried to log in with another account on my server and tried to su to root with my password,

but the password is incorrect!

And I changed the MySQL root password and got the same thing.

My support has been asleep for 3 days, so I have to figure out my problem alone...

How do I reset my root SSH password?

I am using a Plesk VPS ...

View 8 Replies View Related

Passwd- And Shadow- Files

Apr 5, 2009

I have been googling this for a while but am not getting anywhere. Curiosity has gotten the best of me, what are the passwd- and shadow- files used for? The date and time stamps for both the passwd- and passwd files are exactly the same, as are the shadow- and shadow files.

Are they automatically-created backups of the passwd and shadow files?

View 2 Replies View Related

How Can I Save My /etc/passwd File

Nov 3, 2007

How can I save /etc/passwd? There are many Linux commands which show my users on the server,
such as:

cat /etc/passwd
cat /var/cpanel/acounting.log
ls -la /etc/valiases
ls /var/named

-----------------
And how can I disable the fetching commands,
such as:

wget
curl -o
lynx

View 8 Replies View Related

User Can See /etc/passwd. How To Stop This

Sep 1, 2007

We have CentOS and WHM 11 on the server. We also have PHP 4.4.4 and open_basedir enabled on the server. We have a shared server with many websites configured on it.

Now the user uses the following PHP code and can see the /etc/passwd file:
=============================================
<?
echo ini_get("safe_mode");
echo ini_get("open_basedir");
include("/etc/passwd");
ini_restore("safe_mode");
ini_restore("open_basedir");
echo ini_get("safe_mode");
echo ini_get("open_basedir");
include("/etc/passwd");
?>
============================================

Now, how do we stop this? This is a security hole. How do we stop this?

View 11 Replies View Related

Enabled Suphp But Still Can Read /etc/passwd

Nov 8, 2008

Is there any good way to stop users from reading /etc/passwd?

I have suPHP enabled and open_basedir enabled by WHM too. But it seems suPHP ignores open_basedir restrictions?

Here is virtual host config:

<VirtualHost x.x.x.x:80>
<IfModule concurrent_php.c>
php4_admin_value open_basedir "/home/xxx/:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/p$
php5_admin_value open_basedir "/home/xxx/:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
<IfModule !concurrent_php.c>
<IfModule mod_php4.c>
php_admin_value open_basedir "/home/xxx/:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/li$
</IfModule>
<IfModule mod_php5.c>
php_admin_value open_basedir "/home/xxx/:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
<IfModule sapi_apache2.c>
php_admin_value open_basedir "/home/xxx/:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/li$
</IfModule>
</IfModule>
ServerName xxx.com
ServerAlias www.xxx.com
DocumentRoot /home/xxx/public_html
ServerAdmin webmaster@xxx.com
UseCanonicalName Off
CustomLog /usr/local/apache/domlogs/xxx.com combined
CustomLog /usr/local/apache/domlogs/xxx.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
## User xxx # Needed for Cpanel::ApacheConf
<IfModule mod_suphp.c>
suPHP_UserGroup xxx xxx
</IfModule>
<IfModule !mod_disable_suexec.c>
SuexecUserGroup xxx xxx
</IfModule>
ScriptAlias /cgi-bin/ /home/xxx/public_html/cgi-bin/
DocumentRoot /home/xxx/public_html
ServerAdmin webmaster@xxx.com
UseCanonicalName Off
CustomLog /usr/local/apache/domlogs/xxx.com combined
CustomLog /usr/local/apache/domlogs/xxx.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
## User xxx # Needed for Cpanel::ApacheConf
<IfModule mod_suphp.c>
suPHP_UserGroup xxx xxx
</IfModule>
<IfModule !mod_disable_suexec.c>
SuexecUserGroup xxx xxx
</IfModule>
ScriptAlias /cgi-bin/ /home/xxx/public_html/cgi-bin/
# To customize this VirtualHost use an include file at the following location
# Include "/usr/local/apache/conf/userdata/std/2/xxx/xxx.com/*.conf"

</VirtualHost>

Scripts are running with user's UID, and that is fine, but it can still read /etc/passwd file for example.

How do I fix that? Is the open_basedir value really ignored by suPHP? It works fine if I remove suPHP and run scripts with the nobody UID.

View 10 Replies View Related

Passwd: Authentication Token Manipulation Error

Mar 8, 2009

I set up a new account for a client using my reseller. He went to change the password and he is getting this error

There was an error manipulating the password file. This generally means you entered your old password incorrectly.

Changing password for user xxxxx.

Changing password for xxxxx

(current) UNIX password:

passwd: Authentication token manipulation error

The thing is, he is putting the password in correctly. I made sure of that.

I am able to change it in WHM and I am able to log in to the account, I just can't change the password from cPanel.

View 3 Replies View Related

Resetting A Root Password After /etc/passwd / Strangeness

Dec 27, 2007

We've had a customer do something strange to their server. They were playing with /etc/passwd or /etc/shadow or similar (not quite sure of the details) but the upshot is booting the server into single user and trying to reset the password via passwd gives

passwd root (and any user)
passwd: Authentication token manipulation error

So far I've

Replaced /etc/passwd* and /etc/shadow* with a copy from another server
Turned off SELinux
/etc/pam.d/passwd is fine
Root file system is r/w

View 1 Replies View Related

Disabling The Use Of Other DNS

Apr 24, 2009

I want to disable the use of other DNS instead of my name servers. Is this possible, and if so, how can I do this?

View 4 Replies View Related

Disabling IP With Ifdown

Apr 23, 2009

How do I take one IP on the server down?

I need to disable eth1:4 as it is getting a DDoS attack.

ifdown eth0:4 is not working.

Quote:

[root@server22 ~]# ifdown eth0:4
usage: ifdown <device name>
[root@server22 ~]#

I think the command used to work before.

Does anyone know how to take down only that IP without editing ifcfg-eth0-range0?

View 5 Replies View Related

Disabling POP And IMAP On CPanel

Nov 27, 2008

We're using Google Apps to handle all e-mail for the domain, so we have no need for POP and IMAP services running on our server (and I'm always getting e-mails from LFD that show bots are trying to connect with random passwords and such) so I want to disable them, but keep SMTP active since some scripts running on our server use it and I don't feel like rewriting them right now.
I unchecked IMAP and POP in the WHM service manager to disable them, but it's still enabled and I'm able to connect and everything. How can I completely disable these 2 services?

View 5 Replies View Related

Disabling Direct Download

Oct 22, 2009

I have a website which has a FLV player serving .flv files which are hosted on the server. I notice that some users are directly downloading the files using the direct URL, and they seem to be using download managers for that, which opens several Apache connections and slows down Apache. I want to prevent this. I thought of preventing it using a .htaccess file but it did not help. This is what I used:

<Files *>
order allow,deny
allow from 127.0.0.1
allow from localhost
deny from all
</Files>

I thought this would work but it doesn't as it is blocking the FLV player from playing the file. Can anyone tell me the right way to do it?

View 3 Replies View Related

PHP Security: Disabling Classes

Apr 4, 2009

We all know that some PHP functions are dangerous, such as:

system, system_exec, passthru, shell, shell_exec, exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg

Those functions can be disabled at php.ini using disable_functions option.

Now.. what about disable_classes option? I haven't seen anyone talking about this on the common security tutorials. What are your suggestions for this? What classes should be disabled?

View 2 Replies View Related

Disabling Shell Files

Jul 2, 2009

Is there some way to disable shell files from working? Because even if you disable shell, shell files still seem to work...

View 2 Replies View Related

Disabling Safe_mode In My Account

Mar 1, 2008

I have a dedicated server which has safe_mode ON.

I run a Joomla portal and I am having issues with uploading new modules and stuff like that. I know that the solution is disabling safe_mode.

I have tried using a customized php.ini but it didn't work... What else can I try?

View 4 Replies View Related

Disabling SeLinux Enforcing

Apr 7, 2007

I am not an expert with Linux boxes... I found a problem on my machine: our clients were not able to access their sites on the server, and when I checked the system log it was related to Permission Denied. Someone told me to disable SELinux enforcing, and after that my problem was resolved.

But I am curious what exactly SELinux is and what kind of issues it may create for my box if I disable it.

View 4 Replies View Related

Disabling IonCube In Plesk

Apr 18, 2007

I have RH ES4 running as a vhost on Plesk.

Does anyone know how I can turn off IonCube? I don't see the .so for IonCube in php.ini

View 4 Replies View Related

Disabling Email On Whm/cpanel

Apr 18, 2007

I just got a new vps running virtuozzo with cpanel/whm. I have no plans on ever using email on this server. What's the best way to turn all of it off from whm/cpanel and is it worth doing to speed up the server?

View 4 Replies View Related

Disabling Printk Message Suppression?

Apr 18, 2008

I am trying to troubleshoot messages piling up in my /var/log/messages on CentOS 5 that look like this:

Apr 18 10:04:01 sc16 kernel: printk: 3 messages suppressed.
Apr 18 10:04:06 sc16 kernel: printk: 2 messages suppressed.
Apr 18 10:04:14 sc16 kernel: printk: 3 messages suppressed.
Apr 18 10:04:17 sc16 kernel: printk: 1 messages suppressed.
Apr 18 10:04:25 sc16 kernel: printk: 3 messages suppressed.
Apr 18 10:04:31 sc16 kernel: printk: 1 messages suppressed.
Apr 18 10:04:39 sc16 kernel: printk: 2 messages suppressed.

The messages are suppressed so I can't see what they are or what is causing them.

How can I disable printk suppression?

I have already tried:

echo 0 > /proc/sys/kernel/printk_ratelimit_burst
echo 0 > /proc/sys/kernel/printk_ratelimit

They don't seem to disable it... Any ideas?

View 3 Replies View Related

Disabling The Cgi Module In Httpd.conf

Jul 21, 2008

I would like to disable the CGI module in httpd.conf. Can you please help me disable the CGI module?

View 5 Replies View Related

Stop Hackers From Disabling Mod_security

Feb 3, 2008

I have a problem with a hacker that uses .htaccess to disable mod_security
using this code:

PHP Code:

<IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule> 

So is there a way to stop this?
Also, they have come up with a smart way to run shell files named as images using this code in .htaccess:

PHP Code:

AddType application/x-httpd-php .gif 

Is there a way to disable the "AddType application"?

View 14 Replies View Related

Disabling Direct Root Login

Apr 16, 2008

login as: hen
hen@xx.xx.xx.xx's password:
Last login:
hen@root [~]# su -
Password:
su: incorrect password

I verified that the root password is correct, but no matter how many times I tried, I can't su in.

Here's my su permission:
-rwxr-xr-x 1 root wheel 24060 Mar 22 2007 /bin/su*

Here's what's inside /etc/group:
wheel:x:10:root,hen

View 14 Replies View Related

Disabling Stack Protector On CentOS 4.4

Jan 2, 2007

Someone is developing a game which is server-centric. Everything is done server-side. In any case, he can compile it without a problem on Ubuntu, but on my CentOS 4.4 servers, he's having trouble.

The one last bug that he's hit, is that he needs to disable the stack protector on CentOS 4.4 in order to compile the game without any more problems.

View 2 Replies View Related

Disabling SSH Root Access But Enabling SSH Keys How To Do That

Apr 3, 2009

In order to secure my server against intrusion, I disabled SSH root login and created a user for myself. However, in order to access the user I need to enable SSH password authentication.

I don't enable password authentication all the time and I keep it disabled unless I need to do something via SSH.

Now my question is: is there a way to keep the user I created, keep the root login disabled and password authentication disabled, but use SSH keys for the user I created?

I was informed that if I opt to log in to SSH via the user I created, the only way to do that is to enable password authentication, as it cannot work with SSH keys. Is this true?

I really hope someone can help me use the user I created together with SSH keys so I don't have to enable password authentication when logging in to SSH.

View 7 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved