Questions about my root access as well as other security advisor warnings.

[durangod]

So im setting up my VPS, my first time ever.


1. i just spent all this time setting up putty and doing private keys and learning how to do all that including editing files and such via command line.

And now the security advisor tells me i should change

#PermitRootLogin yes

to no to cut off ssh root login.

that dont make sense to me unless i can get a command line from inside WHM but still i just did all this and now i have to shut it down so i cant even get in to root ssh.

or am i misunderstanding this, the root is in the wheel, is that the difference, i can still get in ssh right?


also do i need to uncomment that line

PermitRootLogin no       <like that>

2. Apache vhosts are not segmented or chroot()ed.
Enable “Jail Apache” in the “Tweak Settings” area

the problem is when i go there it is subdued and i cant click on anything for jail apache, it wont let me, its like the config is disabled.

3. suEXEC is disabled.

but when i go to the link it says:

* The suEXEC feature is disabled due to Apache MPM Itk

so im guessing i should just ignore that one.


thanks

 

[durangod]

interesting

\\v-nessa.net/2014/02/19/cpanel-security-advisor-dont-take-it-to-heart

 

[Infopro]

You may find this thread useful:
[Tutorial] Interested in increasing the security of your server? Read this. (sshd hardening) - cPanel Forums

 

[durangod]

thanks infopro, really appreciate that man.. i am also almost done with this too a few more min to go... great video.. good to see my coding skills will come in hand both on the investigative and dev side too. Good to see that overlap cause i been feeling like a fish out of water for a week now..

GREAT video im so thankful they made this mod security video. There should be many more like this...

/http://www.youtube.com/watch?v=qn3FeXq5frg
Openwest 2014 - Jason Wood - Defending Against Web App Attacks Using ModSecurity

 

[durangod]

info pro my dear fast driver friend lol... If you had picked up on this it would have saved me so much time.. Im not saying you goofed cause its hard to read between the lines and honestly i should have spelled out what i was trying to say exactly.

What i was trying to say with this is why am i creating another user only to shut it down.

that dont make sense to me unless i can get a command line from inside WHM but still i just did all this and now i have to shut it down so i cant even get in to root ssh.

or am i misunderstanding this, the root is in the wheel, is that the difference, i can still get in ssh right?

That is when i wish you would have picked up on the fact that "why are you creating the key in the whm " sir, lmao... im a goof and like i said you didnt do anything wrong, i just wish you could have picked up on what i was doing and told me to go to cpanel for the key.

to help others if your making a new user to replace your root login, read this

http://forums.cpanel.net/f185/added-new-user-but-cant-get-into-ssh-them-420501.html

 

[SS-Maddy]

Hello

While disabling ssh root login, make sure to create an SSH user and add the user to wheel group. Otherwise, you will not be able to switch to the root account. SSH root access has more advantages than WHM root access. For security purposes, it is always better to change the default SSH port to a custom one.

 

[Infopro]

That is when i wish you would have picked up on the fact...

IMHO, sometimes feeding the answer is not as helpful as pointing to docs, or actually letting you get in there and do it, and learn that way.

If you like videos to learn with, we've got those too!
cPanel Videos
In Under 2 Minutes - cPanel How To Videos - cPanelTV