The Community Forums

Interact with an entire community of cPanel & WHM users!

Removing Namazu and SCGI in general

Discussion in 'Security' started by Scutterman, Oct 3, 2012.

  1. Scutterman

    Scutterman Member

    Joined:
    Dec 18, 2011
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I had a PCI scan tell me that /scgi-bin/namazu.cgi is potentially unsafe. Since I don't use any of the CGI or SCGI scripts, I thought it would be easier to just disable them.

    I went to the Feature Manager and disabled "CGI Centre" and "Simple CGI Wrapper", saved, restarted Apache, and went to where the script should be (http://www.loveyogaonline.co.uk/scgi-bin/namazu.cgi) expecting a 404 or similar message.

    Instead I get the message "scgiwrap: Caller must be the nobody user". How do I completely disable SCGI so this doesn't appear and I can pass the PCI check?
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,447
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    That removes the features from the cPanel interface.

    Not sure how helpful this is, but have you modified the account to remove CGI privileges?
    Modify an Account - cPanel Documentation

    Removing any files from the directory, and even the directory itself, might also be helpful.
    CGI Center - cPanel Documentation

    You might also find something like this suggestion useful:
    One or more immutable files are preventing cPanel and WHM from updating - cPanel Forums


    HTH!
     
  3. Scutterman

    Hi, thanks for the help!

    I modified the account to remove CGI privileges and restarted httpd to no avail.

    There is no scgi-bin directory under public_html; I was working under the assumption that a rewrite higher up the chain was handling it. I'd already set up a .htaccess file under public_html with both the <Files> directive and a few rules aimed at redirecting anything aimed at a scgi-bin directory, but neither was effective.
     
  4. Scutterman

    Okay, I've now added the <Files> directive to the userdata (std and ssl) and it will block CGI files anywhere except scgi-bin. Is there anywhere that could be rewriting it before that gets processed?
     
  5. Infopro

    I just want to be sure I understand you here. I think I'm missing something.

    First, what's this script doing in the scgi-bin?
    /scgi-bin/namazu.cgi

    Second:
    You have no scgi-bin directory in /home/user/public_html/ ?
    http://www.loveyogaonline.co.uk/scgi-bin/

    I enabled these features, and found a directory there. I disabled those features and removed the directory. Then opened my browser to my scgi-bin/ like your URL, and get a 404. Directory does not exist. I killed it.

    Missing something here..
     
  6. Scutterman

    The PCI scan attempted to access http://www.loveyogaonline.co.uk/scgi-bin/namazu.cgi and got the response "scgiwrap: Caller must be the nobody user". This is despite there being no scgi-bin directory under "/home/[user]/public_html/".

    I think that, somewhere during the request processing, something is rewriting any request to scgi-bin to route to "/usr/local/cpanel/cgi-sys/scgiwrap", and I think this is happening before the userdata includes, because otherwise it would be blocked by the <Files> directive I placed there:
    Code:
    <Files "*.cgi">
    Order allow,deny
    Deny from all
    </Files>
    
    Most of this is guesswork because I haven't dealt with CGI before, much less SCGI.
     
  7. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Please check /usr/local/apache/conf/httpd.conf file, which likely has scgi-bin set in it. If you check this file for it:

    Code:
    grep scgi /var/cpanel/conf/apache/main
    Then remove the line in that file referencing the scgi-bin for an Alias, it should then cease being called. You'd want to run these commands afterward:

    Code:
    cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak121005
    /usr/local/cpanel/bin/apache_conf_distiller --update /usr/local/apache/conf/httpd.conf
    /etc/init.d/httpd restart
    Also, please make a copy of /var/cpanel/conf/apache/main before editing it initially.

    Of note, the scgi-bin that is being called is not /home/username/public_html/scgi-bin at all. It's from the scgiwrap at cgi-sys location, which you can see in the Alias line it is using:

    Code:
    ScriptAlias /scgi-bin /usr/local/cpanel/cgi-sys/scgiwrap
     
  8. Scutterman

    Hello,

    Grepping for scgi shows the following code block
    Code:
    scriptalias:
      directive: scriptalias
      items:
        -
          path: /usr/local/cpanel/cgi-sys/
          url: /cgi-sys
        -
          path: /usr/local/cpanel/3rdparty/mailman/cgi-bin/
          url: /mailman
        -
          path: /usr/local/cpanel/cgi-sys/scgiwrap
          url: /scgi-bin
    
    I tried removing the last three lines, but running
    Code:
    # /usr/local/cpanel/bin/apache_conf_distiller --update /usr/local/apache/conf/httpd.conf
    or
    Code:
    # /usr/local/cpanel/bin/apache_conf_distiller --update
    adds it back in.

    Code:
    # vim /var/cpanel/conf/apache/main
    # /usr/local/cpanel/bin/apache_conf_distiller --update /usr/local/apache/conf/httpd.conf
    info [apache_conf_distiller] 'local' datastore in use (/var/cpanel/conf/apache/local)
    Distilled successfully
    # /etc/init.d/httpd restart
    # grep scgi /usr/local/apache/conf/httpd.conf
    ScriptAlias /scgi-bin /usr/local/cpanel/cgi-sys/scgiwrap
    
    Thanks for the help
    -Tom
     
  9. cPanelTristan

    Hello Tom,

    Could you submit a ticket using WHM > Support Center > Contact cPanel or using the link in my signature for us to check why this isn't working? You might have a locally defined file in that location that needs to be changed instead.

    Normally, I'd have suggested removing it in /usr/local/apache/conf/httpd.conf and distilling, but a prior ticket had that happen and each EasyApache recompile or rebuild resulted in the line being re-added. That's why the file being directly edited was suggested. Since you might have a local copy of a template file, this might be why that's happening.

    Please post the ticket number here after submitting it for us to track the resolution.

    Thanks!
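
An added example, not part of any post in this thread: a check that reports which configuration layer still maps /scgi-bin after an edit, covering both the `ScriptAlias` line and the YAML `url:` entry shown in the posts above. The sample files are constructed, and the assumption that the `local` datastore uses the same YAML layout as `main` is mine.

```shell
#!/bin/sh
# Added example (not from the thread). File names mirror the paths in the posts;
# the contents below are constructed samples, not real server configuration.

# Print "file:line:text" for each active mapping of URL prefix $1 in the given
# files. Matches httpd.conf syntax (ScriptAlias /scgi-bin ...) and the YAML
# datastore form (url: /scgi-bin). Commented-out lines do not match.
find_alias() {
    prefix=$1; shift
    for f in "$@"; do
        [ -r "$f" ] || continue
        grep -inE "^[[:space:]]*(ScriptAlias[[:space:]]+|url:[[:space:]]*)${prefix}([[:space:]/]|\$)" "$f" \
            | sed "s|^|$f:|"
    done
    return 0
}

# Build a constructed sample tree: alias removed from "main", still present in
# "local" (assumed to use the same YAML layout) and in the rendered httpd.conf.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/main" <<'EOF'
scriptalias:
  directive: scriptalias
  items:
    -
      path: /usr/local/cpanel/cgi-sys/
      url: /cgi-sys
EOF
    cat > "$d/local" <<'EOF'
scriptalias:
  items:
    -
      path: /usr/local/cpanel/cgi-sys/scgiwrap
      url: /scgi-bin
EOF
    cat > "$d/httpd.conf" <<'EOF'
ScriptAlias /cgi-sys /usr/local/cpanel/cgi-sys/
# ScriptAlias /scgi-bin /old/commented/path
ScriptAlias /scgi-bin /usr/local/cpanel/cgi-sys/scgiwrap
EOF
    echo "$d"
}

sample=$(make_sample)
find_alias /scgi-bin "$sample/main" "$sample/local" "$sample/httpd.conf"
rm -rf "$sample"
```

On a server, the same function can be pointed at /var/cpanel/conf/apache/main, /var/cpanel/conf/apache/local and /usr/local/apache/conf/httpd.conf after each distill or rebuild; empty output means no active /scgi-bin mapping remains in those files.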
     
  10. Scutterman

    Hello,

    Sorry I haven't gotten back to you before now. I did a temporary fix by directly editing httpd.conf in order to pass the PCI check, then I got pulled away onto other jobs. I submitted the ticket and the Request Id is: 3346565.

    Thanks for the help
    -Tom
     