Potential backup issues on servers with disabled /bin/tar

[ericgregory]

It has been brought to our attention that backups are not running
properly on servers that have disabled /bin/tar. To eliminate this issue before
it becomes a problem please check the following:

Permissions on /bin/tar should be 755. This can be accomplished from
a root shell via the following command:
root@host [~]# ls -l /bin/tar

If the result of that command starts as follows you are all set and
everything should be working:

-rwxr-xr-x

If not, please execute the following command:
root@host [~]# chmod 755 /bin/tar

As always, if you have any questions or run into any problems our
technical team is standing by to offer any assistance you may need by accessing https://tickets.cpanel.net/submit/

[crazyaboutlinux]

i did & it is working fine

Thanks for sharing the information.

[Spiral]

Tar is one of those used by the system too extensively to generally disable.

There are some commands that I would lock down in /bin and /usr/bin
respectively and for those, it will help quite a bit, to name just a few:

lynx (Haven't found anyone needing this - 0500 hasn't been a problem)
wget (This one helps to set owner 'root:cpanel' with 0750)
chattr (I generally 0700 it to 'root:root' and Chattr +i itself)
chown (0700 'root:root' & chattr +i)
touch (same as Chown)

The important thing is you don't want to kill a standard command that
might actually be needed by some service on your server or Cpanel.

The ones listed above work fine with the tightened permissions and I've
tested this out and there are a number of others but the ones listed above
will wreak havoc on most of the automated hack systems and make internal
attacks a lot more difficult (at least being able to properly cover their tracks).