disable perl for nobody

Discussion in 'Security' started by atokatli, Mar 24, 2008.

  1. atokatli

    atokatli Member

    Hi,
    In the last few days someone has been executing Perl scripts in the /tmp directory as nobody.
    How can I stop Perl from executing as nobody,
    or disable it for /tmp?
     
  2. Bdzzld

    Bdzzld Well-Known Member

    Why don't you think in another direction, and just don't allow the execution of perl scripts from the /tmp path?
     
  3. atokatli

    atokatli Member

    But how can I do that?

    But I do not know how I can do that.
    I googled it
    and I cannot find any documentation.
    Could you give me example sites?
    Thanks
     
  4. Bdzzld

    Bdzzld Well-Known Member

  5. brianoz

    brianoz Well-Known Member

    Of more concern is how they actually got into your machine to be running scripts in /tmp. You can almost guarantee that they're someone who's broken into an account rather than the account holder. Anyway, whoever they are they're up to no good.

    You should look at installing these things:


     
  6. hostmedic

    hostmedic Well-Known Member

    nobody

    just a brief note -

    the out of the box cPanel install has apache running under the user nobody.

    Like the others said - Install Chirpy's CSF / LFD

    That will help a ton.

    Also - download the ELS script

    then run the tool to lock down the tmp directory

    if stuck PM us - we would be glad to help you.
     
  7. lifelinux

    lifelinux Member

    Hi, I found a shell command that kills the processes of the nobody account; maybe it can help solve that problem:
    Code:
    # Kill every process owned by the user nobody
    for i in $(ps -u nobody -o pid=); do kill -9 "$i"; done
     
  8. brianoz

    brianoz Well-Known Member

    This may break things, you have been warned (if it does, just undo it):

    Code:
    chgrp nobody /usr/bin/perl
    chmod g= /usr/bin/perl
    To undo:

    Code:
    chgrp root /usr/bin/perl
    chmod g=rx /usr/bin/perl
    This isn't the right way to solve the issue though, it's a bandaid; you have other serious problems if outsiders can load scripts onto your box. CSF/LFD and the other tools mentioned by HostMedic among others are really the way to go.
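
An added example, not part of any post in this thread: instead of killing every nobody process (which on the default install described above includes Apache), this lists only the nobody-owned processes whose working directory or arguments point into /tmp. The function names and the `PID USER CWD CMDLINE` record format are assumptions of the example, and the sample records are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): find nobody-owned processes tied to /tmp.

# filter_tmp_procs (hypothetical name): reads "PID USER CWD CMDLINE..." records
# on stdin; prints PIDs of processes owned by nobody whose working directory
# is /tmp or below, or whose command line has an argument starting with /tmp/.
filter_tmp_procs() {
    awk '$2 == "nobody" {
        hit = ($3 == "/tmp" || index($3, "/tmp/") == 1)
        for (i = 4; i <= NF && !hit; i++)
            if (index($i, "/tmp/") == 1) hit = 1
        if (hit) print $1
    }'
}

# collect_procs (hypothetical name): builds those records from /proc on a live
# Linux host. Run as root so that other users' cwd links are readable.
collect_procs() {
    for d in /proc/[0-9]*; do
        pid=${d#/proc/}
        user=$(ps -o user= -p "$pid" 2>/dev/null) || continue
        cwd=$(readlink "$d/cwd" 2>/dev/null) || cwd="-"
        cmd=$(tr '\0' ' ' 2>/dev/null < "$d/cmdline") || cmd=""
        printf '%s %s %s %s\n' "$pid" "$user" "$cwd" "$cmd"
    done
}

# Constructed sample records (not real output from any server).
sample_procs() {
    cat <<'EOF'
2101 nobody / /usr/local/apache/bin/httpd -k start
2102 nobody /tmp perl bot.pl
2103 nobody / perl /tmp/.x/scan.pl
2104 alice /home/alice perl /tmp/report.pl
2105 nobody /var/tmp sh -c sleep 60
EOF
}

# Demo on the sample; on a server use: collect_procs | filter_tmp_procs
sample_procs | filter_tmp_procs
```

Working directories that contain spaces shift the fields of a record, so treat the output as a list of PIDs to inspect rather than a verdict.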
     