Helpful tip for securing your server a little bit more...

If your running a server where you have problems with people running resource intensive scripts as 'nobody' through php or the likes, one option is to put in a cronjob that kills all processes owned by 'nobody' every so often.

What's a problem with this? Every time it does it, it can kill specific programs... the one i've had to deal with lately is Melange chat server.

What's the solution? Make melange run as another user!

here's what I did...

Code:

useradd melange

then i opened /etc/init.d/cpanel and changed:

Code:

daemon /usr/local/cpanel/bin/startmelange

to

Code:

daemon --user melange /usr/local/cpanel/bin/startmelange

and then edit /scripts/restartsrv_melange

change

Code:

my $processowner = 'nobody';

to

Code:

my $processowner = 'melange';

It would be nice to see things like this done with the other services in the standard setup so people would be more empowered to stop problems before they start.

Keep in mind, these will be reset when you upcp, so you may either just want to chattr +i the files so they won't be changed, or just use a but of scripting in the file that runs after upcp (i can't recall what it is, but if someone wants to remind me, I might feel obligated to write the script :D)