[CentOS] Server Hacked: Cpanel

Wed Aug 9 16:42:21 UTC 2006
Rodrigo Barbosa <rodrigob at darkover.org>

On Wed, Aug 09, 2006 at 12:37:36PM -0400, Drew Weaver wrote:
> Not only will it use insecure versions of many pieces of software and some
> patches
> of questionable safety, it will also stop you from using several methods
> of improving security (/tmp hardening with ACLs is just one example).
> ---
> 
> 	Not to sound silly but cPanel automatically secures the /tmp
> directory since the end of last year.
> 
> Some people disable it forcefully.

If you call mounting it nodev,noexec securing it, yes true.
Unfortunately, that won't stop perl scripts from running there,
or people using it to store stuff there.

Yes, nodev,noexec is better than nothing, but it is simply
not enough (or close to enough) these days.

That is why I use Posix ACLs to secure it these days.
Apache simply can't write there.

Ok, it is a bit of security through obscurity, since you
have to reconfigure PHP to store sessions in a different directory
anyway, and a really determined hacker might eventually find it
through some information disclosure bug, but at least you will
stop the script kiddies and mid-level hackers.

And, trust me, if you are facing a really skilled hacker, cPanel is
just one of your worries.

As a side note, I have started playing with SELinux to try and improve
the security of my servers. My main problem is that you simply
can't find a working rule set for Exim, and I'm working hard on
creating one while learning SELinux at the same time.

-- 
Rodrigo Barbosa
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

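The /tmp hardening discussed in this message (nodev,noexec mount options, plus a POSIX ACL so the web server cannot write there), as an added example that is not part of the original thread. It assumes the CentOS default Apache user name `apache` and works on constructed /proc/mounts lines rather than a live host.

```shell
#!/bin/sh
# Added example: audit the /tmp hardening the post describes.
# Constructed sample in /proc/mounts format (not taken from any real server).
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
/dev/sda3 /tmp ext3 rw,nodev,noexec 0 0'

# Print the comma-separated mount options of the mount at $1, reading
# /proc/mounts-style content from $2. Prints nothing if $1 is not a mountpoint.
mount_opts() {
    printf '%s\n' "$2" | awk -v mp="$1" '$2 == mp { print $4 }'
}

# Report which of nodev/noexec/nosuid are missing on /tmp, space-separated.
# Note: noexec only blocks direct execution; "perl /tmp/x.pl" still runs,
# which is the limitation the post points out.
missing_tmp_opts() {
    opts=$(mount_opts /tmp "$1")
    missing=""
    for want in nodev noexec nosuid; do
        case ",$opts," in
            *,"$want",*) ;;
            *) missing="$missing$want " ;;
        esac
    done
    printf '%s' "${missing% }"
}

# The ACL step: a named-user entry overrides the world-writable "other" bits
# of /tmp for that user only, so the web server user loses write access while
# everyone else keeps it. Printed rather than executed, since it needs root.
# Assumes the Apache user is "apache" (hypothetical default for this example).
acl_deny_write_cmd() {
    printf 'setfacl -m u:%s:r-x %s\n' "${1:-apache}" "${2:-/tmp}"
}

# Stand-alone usage on the constructed sample.
echo "missing on /tmp: $(missing_tmp_opts "$SAMPLE_MOUNTS")"
acl_deny_write_cmd
```

Run `getfacl /tmp` afterwards to confirm the `user:apache:r-x` entry is present and the mask still allows it.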