Whenever I check my server with Nessus, I receive this vulnerability:
-----
The 'guestbook.cgi' is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody). Solution : remove it from /cgi-bin.
-----
How can I remove it completely? Just remove it under /home, or is there another way?
guestbook.cgi is part of the CGI scripts which come along with cpanel. If you want to disable them, just change the permissions of the scripts in /usr/local/cpanel/cgi-sys/. For guestbook.cgi it would be: chmod 000 /usr/local/cpanel/cgi-sys/guestbook.cgi. However, note that the next cpanel update will return the permissions to normal. You can choose to place the chmod inside a file /scripts/postupcp so it changes the permissions back every time cpanel updates.
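The post-update hook described in the reply above, written out as an added example (this is not the poster's code or a cPanel-supplied script): it strips all permission bits from guestbook.cgi and then verifies the result, so the same check can be re-run after an update to confirm the lockdown is still in place. The cgi-sys path and the /scripts/postupcp file name come from the thread; that the hook is invoked with no arguments and must be made executable are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: a /scripts/postupcp-style hook that
# disables a cgi-sys script by clearing its mode bits and verifies it stuck.
# CGI_SYS_DIR is the directory named in the reply; override it for testing.
CGI_SYS_DIR="${CGI_SYS_DIR:-/usr/local/cpanel/cgi-sys}"

# Print a file's octal mode (e.g. 755, or 0 when fully locked down),
# using GNU stat where available and falling back to BSD stat.
file_mode() {
    if stat -c '%a' "$1" >/dev/null 2>&1; then
        stat -c '%a' "$1"
    else
        stat -f '%Lp' "$1"
    fi
}

# Succeeds (exit 0) only if the script exists and has no permission bits left,
# i.e. the http daemon can neither read nor execute it.
cgi_disabled() {
    [ -e "$1" ] || return 1
    [ "$(file_mode "$1")" = "0" ]
}

# Clear every permission bit on the script, then confirm the change took.
# A missing script is treated as success: nothing installed, nothing to disable.
disable_cgi() {
    [ -e "$1" ] || return 0
    chmod 000 "$1" || return 1
    cgi_disabled "$1"
}

# Hook body: re-apply the lockdown to each listed script after a cPanel update.
for script in guestbook.cgi; do
    disable_cgi "$CGI_SYS_DIR/$script" || echo "failed to disable $script" >&2
done
```

Re-running `cgi_disabled /usr/local/cpanel/cgi-sys/guestbook.cgi` after an update is a quick way to detect that the permissions were reset before the next scan finds it.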
Which version of guestbook.cgi are you using currently? I thought they fixed the vulnerability in version 6 of cpanel. Deborah
Yes, you need to create it. Though that's required only if you want to disable guestbook.cgi; I don't think the one shipping with cpanel has any vulnerability anymore (not sure, still).
Can someone explain to me how Nessus is even able to connect to that folder to know that the script resides there? /usr/local/cpanel/cgi-sys/guestbook.cgi? Seems to me that is more of a security issue than the script itself.