The Community Forums


A-squad security audit

Discussion in 'Security' started by AbeFroman, Sep 18, 2004.

  1. AbeFroman

    Performing white box security audit...
    PASSED: cPanel INSTALLED (9.7.7-EDGE_10)
    FAILED: Privileged UID Vulnerability Check (99) Explain
    >>This is just saying I don't have suexec enabled

    FAILED: nobody execution Explain
    >>This is just saying I don't have suexec enabled

    FAILED: Stealth Snoop Vulnerability [/home/factoryf] Explain
    >>Can you have the home directory as group nobody and 750 perm and still run phpsuexec?

    PASSED: Simple $HOME Scanning [/home/factoryf]
    PASSED: Group $HOME Scanning [/home/factoryf]
    PASSED: Root /home scanning
    PASSED: Simple WEBROOT Protection
    FAILED: Real WEBROOT Protection Explain
    >>Can you have the home directory as group nobody and 750 perm and still run phpsuexec?

    PASSED: CVE-2004-0490 mod_phpsuexec PATH_TRANSLATED Vulnerability Test
    PASSED: CVE-2004-0529 suEXEC mod_php Taint Vulnerability Test
    PASSED: CAN-2004-0546 cpwrap suid root Vulnerability Test
    FAILED: One or more insecure cPanel configurations were detected. Visit A-Squad.Com for details on where to find more secure cPanel hosting.
    >>Where can I find out what is insecure here with the last fail?
     
  2. AbeFroman

    bump......
     
  3. orb_sp


    My suggestion would be to approach A-Squad.com to find out exactly what it's testing to determine what may have failed.
     
  4. Sheldon

    subscribing to thread...

    It's very interesting.
     
  5. chirpy

    I wouldn't contact them. Their script has already been derided in the past as a marketing ploy.

    All it is telling you is that you don't appear to have suexec or phpsuexec enabled. The directory permissions can be addressed simply by running:
    /scripts/enablefileprotect
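
The permission question raised in this thread (a 750 mode on home and web root directories) can be checked directly, before and after any change, by looking at the "other" permission bits. The script below is an added example, not part of any post and not cPanel's or A-Squad's code; the function names are hypothetical and the `/home/<user>/public_html` layout is an assumption.

```shell
#!/bin/sh
# Added example: list home directories and web roots that accounts outside
# the owner and group can still enter or list.
# Assumed layout (not taken from the thread): <base>/<user>/public_html

# mode_of PATH -> octal permission bits (GNU stat, with a BSD stat fallback)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# world_bits MODE -> the "other" digit of an octal mode (750 -> 0, 711 -> 1)
world_bits() {
    printf '%s\n' "$(( 0$1 & 7 ))"
}

# audit_homes [BASE] -> one line per directory: "OPEN|OK <mode> <path>"
# OPEN means at least one r/w/x bit is set for "other".
audit_homes() {
    base=${1:-/home}
    for home in "$base"/*/; do
        home=${home%/}
        for dir in "$home" "$home/public_html"; do
            # Skip symlinks so a link cannot point the audit elsewhere.
            [ -L "$dir" ] && continue
            [ -d "$dir" ] || continue
            mode=$(mode_of "$dir")
            if [ "$(world_bits "$mode")" -ne 0 ]; then
                echo "OPEN $mode $dir"
            else
                echo "OK $mode $dir"
            fi
        done
    done
}

# Run the audit only when a base directory is given on the command line.
if [ $# -gt 0 ]; then
    audit_homes "$1"
fi
```

Run it as root with `/home` as the argument; a 711 home directory is reported as OPEN because the execute bit still lets other accounts traverse it.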
     
  6. Sheldon

    # Performing white box security audit...
    # PASSED: cPanel INSTALLED (9.9.0-CURRENT_55)
    # PASSED: Privileged UID Vulnerability Check (32003)
    # PASSED: User sblitz (32003) is probably not shared
    # FAILED: Stealth Snoop Vulnerability [/home/sblitz] Explain
    # PASSED: Simple $HOME Scanning [/home/sblitz]
    # PASSED: Group $HOME Scanning [/home/sblitz]
    # PASSED: Root /home scanning
    # PASSED: Simple WEBROOT Protection
    # PASSED: Real WEBROOT Protection
    # PASSED: CVE-2004-0490 mod_phpsuexec PATH_TRANSLATED Vulnerability Test
    # PASSED: CVE-2004-0529 suEXEC mod_php Taint Vulnerability Test
    # PASSED: CAN-2004-0546 cpwrap suid root Vulnerability Test
    # FAILED: One or more insecure cPanel configurations were detected. Visit A-Squad.Com for details on where to find more secure cPanel hosting.

    That's mine...
    I'm kinda interested in the fact that neither of those should be showing up... and that they are basically telling you to contact A-Squad so they can get you to fork over some $$
     