Interesting data cPanel users know about the server

postcd

Well-Known Member
Oct 22, 2010
717
19
68
The cPanel user can see alot of data
For example these are readable to the cPanel user on standard CentOS/Apache/WHM server:

/etc/named.conf + /etc/dovecot/sni.conf - hosted domains
/etc/shadow + /etc/trueuserowners - cpanel user list
/etc/fstab - filesystems, like ramdisks
/etc/localaliases - e-mail of the root/nobody user
/etc/cron.d/ - cronjobs contents if have more than 700 permission (ie 644)
/etc/my.cnf - mysql configuration file
/usr/local/apache/conf/modsec2.user.conf - mod security rules
/etc/sysconfig/network-scripts/ - ips used on the server
+ phpinfo() - many other details about apache, php, mysql
 

postcd

Well-Known Member
Oct 22, 2010
717
19
68
the files i mentioned can be read without SSH access enabled on that particular cpanel.
it can be read thru a php script while following php functions are disabled on that particular cpanel: disable_functions: show_source, system, passthru, shell_exec, popen, proc_open, allow_url_fopen

i assume virtfs can't change this.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463

postcd

Well-Known Member
Oct 22, 2010
717
19
68
Thank you i went thru the pages you linked and applied all the things.

RE: PHP open_basedir Tweak - Documentation - cPanel Documentation

In Home >> Security Center >> PHP open_basedir Tweak i have option "Enable php open_basedir Protection." ticked, but at Yours linked page is mentioned "If you configure PHP to run as a CGI, suPHP, or FastCGI process, you must manually specify the open_basedir directive in the appropriate php.ini file.", and i am using suPHP and i think im happy with it. So i would need to setup some script that would append open_basedit for each cpanel to the global php.ini, only solution?
i mean like:
[PATH=/home/newcpanel/pubic_html]
open_basedir = /home/newcpanel/pubic_html
?

RE: PHP Security Concepts - cPanel Knowledge Base - cPanel Documentation

The php script tells me: Disable Functions : show_source, system, passthru, shell_exec, popen, proc_open, proc_close, curl_exec, curl_multi_exec, allow_url_fopen, allow_url_include, symlink, link, unlink, copy, mkdir, rmdir, file, readfile, filegetcontents, dl, mail

yet all files i mentioned in first post are readable for a cpanel user and also following commands can be executed by cpanel user from within php script: netstat, ps aux, last, w, vmstat, /proc/version

Please any ideas what can be done to prevent some of these sensitive data be revealed?
CentOS 6.x, Apache, suPHP, EasyApache 3
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463