patch not working

NewLegend · Aug 9, 2013

Hi ,

My server got hacked by create symlink to root, Now I trying to fix this security hole. The general recommendation is to use something like grsecurity kernel or rack911 symlink patch. But rack911 not working in my server, the below is my server information:

• CENTOS 5 – cPanel WHM 11.38.1 (build 15)
• root_options: ExecCGI, FollowSymLinks, IncludesNOEXEC, Indexes, SymLinksIfOwnerMatch.

I did this steps in my server,
1. wget http://layer1.rack911.com/before_apache_make -O /scripts/before_apache_make
2. chmod 700 /scripts/before_apache_make

3. Rebuild apache after.
/scripts/easyapache

Now after all that, I can create symlink to root ?! Please advice me ,,

quizknows · Aug 10, 2013

you can still make the links, the patch only stops following them via apache. As long as you compiled 2.2.x apache (not 2.0 or 2.4) you should be OK.

To test, make the symlink inside of a public_html directory, then browse to the symlink name in a browser. I'm not going to list instructions because if you carelessly remove the symlink you can accidently remove the target file(s).

I strongly recommend cloudlinux with securelinks enabled in the modhostinglimits.conf

cPanelMichael · Aug 12, 2013

Hello

The following thread should be useful to you:

Solutions for handling symlink attacks

Thank you.

Thread starter	Similar threads	Forum	Replies	Date
C	suexec with kernelcare patch	Security	4	Oct 18, 2022
D	In Progress ea-php* packages patched by CloudLinux or not?	Security	3	Nov 24, 2021
M	SOLVED rpm changelog not showing new Perl Encode 3.12 patch	Security	5	Aug 10, 2021
S	SOLVED Server patches update not working	Security	2	Oct 23, 2019
	KernelCare installed, cannot set patch type for symlink, unknown kernel	Security	6	Oct 7, 2019

Search

Search

patch not working

NewLegend

Member

quizknows

Well-Known Member

cPanelMichael

Administrator