Questions about my root access as well as other security advisor warnings.

durangod

Well-Known Member
May 12, 2012
504
46
78
cPanel Access Level
Website Owner
So im setting up my VPS, my first time ever.


1. i just spent all this time setting up putty and doing private keys and learning how to do all that including editing files and such via command line.

And now the security advisor tells me i should change

Code:
#PermitRootLogin yes
to no to cut off ssh root login.

that dont make sense to me unless i can get a command line from inside WHM but still i just did all this and now i have to shut it down so i cant even get in to root ssh.

or am i misunderstanding this, the root is in the wheel, is that the difference, i can still get in ssh right?


also do i need to uncomment that line

Code:
PermitRootLogin no       <like that>

2. Apache vhosts are not segmented or chroot()ed.
Enable “Jail Apache” in the “Tweak Settings” area

the problem is when i go there it is subdued and i cant click on anything for jail apache, it wont let me, its like the config is disabled.

3. suEXEC is disabled.

but when i go to the link it says:

* The suEXEC feature is disabled due to Apache MPM Itk
so im guessing i should just ignore that one.


thanks
 

durangod

Well-Known Member
May 12, 2012
504
46
78
cPanel Access Level
Website Owner
interesting

\\v-nessa.net/2014/02/19/cpanel-security-advisor-dont-take-it-to-heart
 

durangod

Well-Known Member
May 12, 2012
504
46
78
cPanel Access Level
Website Owner
thanks infopro, really appreciate that man.. :) i am also almost done with this too a few more min to go... great video.. good to see my coding skills will come in hand both on the investigative and dev side too. Good to see that overlap cause i been feeling like a fish out of water for a week now..

GREAT video im so thankful they made this mod security video. There should be many more like this...

/http://www.youtube.com/watch?v=qn3FeXq5frg
Openwest 2014 - Jason Wood - Defending Against Web App Attacks Using ModSecurity
 

durangod

Well-Known Member
May 12, 2012
504
46
78
cPanel Access Level
Website Owner
info pro my dear fast driver friend lol... If you had picked up on this it would have saved me so much time.. Im not saying you goofed cause its hard to read between the lines and honestly i should have spelled out what i was trying to say exactly.

What i was trying to say with this is why am i creating another user only to shut it down.

that dont make sense to me unless i can get a command line from inside WHM but still i just did all this and now i have to shut it down so i cant even get in to root ssh.

or am i misunderstanding this, the root is in the wheel, is that the difference, i can still get in ssh right?
That is when i wish you would have picked up on the fact that "why are you creating the key in the whm " sir, lmao... im a goof and like i said you didnt do anything wrong, i just wish you could have picked up on what i was doing and told me to go to cpanel for the key.

to help others if your making a new user to replace your root login, read this

http://forums.cpanel.net/f185/added-new-user-but-cant-get-into-ssh-them-420501.html
 

SS-Maddy

Well-Known Member
Mar 28, 2009
124
14
68
cPanel Access Level
Root Administrator
Hello

While disabling ssh root login, make sure to create an SSH user and add the user to wheel group. Otherwise, you will not be able to switch to the root account. SSH root access has more advantages than WHM root access. For security purposes, it is always better to change the default SSH port to a custom one.
 

Infopro

Well-Known Member
May 20, 2003
17,112
513
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter