On several occasions, over the last three weeks, a couple of our users have been denied access to our cpanel server, for example, MS Outlook reports that it is unable to connect to the service, and ping requests are dropped.
When I investigated, I started by looking at the rules applied to iptables. To my surprise, iptables was not running (GULP).
The following is the output of a status request using the service command:
root> service iptables status
Firewall is stopped.
I restarted the firewall:
root> service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle filter [ OK ]
Unloading iptables modules: [ OK ]
Once the firewall was restarted the users' access resumed. Then after a while the users are yet again denied access. I'm a little concerned about security now and not sure what to check to see why the firewall keeps stopping. On WHM the following statement has recently appeared:
Security Notice:
There are several known Linux kernel exploits which may allow local privilege escalation. These exploits have become commonplace in recent weeks and can be avoided by ensuring that your kernel is updated to the latest available version. While cPanel will help ensure your system services and software are up to date, kernel updates are outside the scope of cPanel. Kernels with known vulnerabilities include, but are not limited to, 2.6.9-22 and 2.6.9-34. Please check your running kernel for updates periodically. This will help ensure the overall integrity of your server and data.
This panics me a little more as the kernel I am on is
Linux spoof.domain.uk 2.6.9-34.EL #1 Wed Mar 8 00:07:35 CST 2006 i686 i686 i386 GNU/Linux.
How can I find out whether I have been a victim of the above security breach?
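As an added example (not code from the original post), a small watchdog script that covers the two things asked above: it records when `service iptables status` reports the firewall stopped or the rule set has been flushed, and flags a running kernel that the WHM notice names. It assumes a RHEL/CentOS-style host with `service`, `iptables-save` and `logger`; the `fw-watch` log tag and snapshot path are made up for the example.

```shell
#!/bin/sh
# Added example, not code from the original post: a cron-friendly watchdog for
# the symptoms described above. It checks the running kernel against the WHM
# notice, whether `service iptables status` reports the firewall stopped, and
# whether the rule set has been flushed, and writes each finding to syslog.
# Assumed: `service`, `iptables-save` and `logger` exist; "fw-watch" is made up.

# Kernel versions named in the WHM security notice quoted in the post.
NOTICE_KERNELS="2.6.9-22 2.6.9-34"

# Return 0 if the release string begins with a listed version, so that
# "2.6.9-34.EL" (the poster's kernel) matches "2.6.9-34".
kernel_in_notice() {
    for k in $NOTICE_KERNELS; do
        case "$1" in
            "$k"*) return 0 ;;
        esac
    done
    return 1
}

# Read `service iptables status` output on stdin; return 0 if it reports the
# firewall stopped. Taking stdin keeps the check testable without root.
firewall_stopped() {
    grep -q 'Firewall is stopped'
}

# Read `iptables-save` output on stdin and print the number of rules (lines
# starting with "-A"). A flushed firewall prints 0 even though the service is up.
count_rules() {
    grep -c '^-A' || true
}

main() {
    rel=$(uname -r)
    if kernel_in_notice "$rel"; then
        logger -t fw-watch "running kernel $rel is named in the WHM notice"
    fi
    if service iptables status 2>&1 | firewall_stopped; then
        # Snapshot logged-in users and processes before changing anything,
        # then bring the firewall back the way the poster does by hand.
        { w; ps auxww; } > "/var/log/fw-watch.$(date +%s)" 2>&1
        logger -t fw-watch "iptables reported stopped; snapshot taken, restarting"
        service iptables start
    elif [ "$(iptables-save | count_rules)" -eq 0 ]; then
        logger -t fw-watch "iptables is up but no rules are loaded"
    fi
}
# Only act when invoked as `fw-watch.sh run`, e.g. from cron every few minutes.
case "${1:-}" in run) main ;; esac
```

The snapshot files give you something to compare against the moment the firewall next drops, which is the first step in answering whether the stop is an administrative accident or something an intruder is doing.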