The Community Forums


Securing a cpanel box

Discussion in 'General Discussion' started by mpope, Oct 17, 2001.

  1. mpope

    mpope Well-Known Member

    Hello,

    I would like to start a topic about securing a cpanel box.

    Basically, what should admins be doing on cpanel boxes to ensure that they are secure? I have been told (by certain un-named people ;)) that cpanel does all necessary security fixes, etc. Although I don't know if I believe this, I have been somewhat afraid to install some RedHat security patches because I don't know if it will adversely affect the cpanel software.

    I know cpanel has portsentry, but how much does this actually secure the system? I've always thought portsentry was basically just a software firewall. How correct is this statement?

    I have had a cpanel based server for a while now, and have not had it hacked yet (to my knowledge). I've also had some non-cpanel servers, and they always seem to get hacked within a couple of days. So, obviously cpanel is adding a level of security to the box, I'm just trying to nail down what it is, and what I need to do to prevent any hackers from getting into my systems.

    Thanks, all comments are appreciated!
    :D
     
  2. Domenico

    Domenico Well-Known Member

    This is certainly a thing to talk about but it always turns out the same direction.

    The cpanel developers saying cpanel is just host management and nothing more, and the others which tell you that control panels are never safe to use because of the cpanel needing root access to certain files and directories.

    I think that the cpanel developers MUST do something about security too.
    I can't stand cpanel breaking down after applying another security patch. I want the cpanel developers to tell exactly what cpanel is doing during installation and running and also what can be touched and what can't.

    It is stupid to let the users swim around this way. What good is a control panel when it opens up the server for every (wannabe) hacker. Please keep security in mind and don't make it more difficult for us to secure a box.
     
  3. bdraco

    bdraco Guest

    [quote:9ede81977c]Hello,

    I would like to start a topic about securing a cpanel box.

    Basically, what should admins be doing on cpanel boxes to ensure that they are secure? I have been told (by certain un-named people ;)) that cpanel does all necessary security fixes, etc. Although I don't know if I believe this, I have been somewhat afraid to install some RedHat security patches because I don't know if it will adversely affect the cpanel software.
    [/quote:9ede81977c]
    Keep the kernel upgraded.

    [quote:9ede81977c]
    I know cpanel has portsentry, but how much does this actually secure the system? I've always thought portsentry was basically just a software firewall. How correct is this statement?

    I have had a cpanel based server for a while now, and have not had it hacked yet (to my knowledge). I've also had some non-cpanel servers, and they always seem to get hacked within a couple of days. So, obviously cpanel is adding a level of security to the box, I'm just trying to nail down what it is, and what I need to do to prevent any hackers from getting into my systems.

    Thanks, all comments are appreciated!
    :D [/quote:9ede81977c]


    Cpanel feeds in all security updates from redhat/mandrake as well as security updates/patches that darkorb provides (ie chmod 700 /usr/bin/newgrp for the recent linux kernel problems .. see http://support.cpanel.net/new/viewthread.php?tid=658).
     
  4. alan

    alan Registered

    Some might consider this as not related to securing a cpanel box, but it is.

    A Linux version of TRIPWIRE is available for free from http://www.tripwire.com
    A full GPL version is also available. (I think it's called AIDE) See freshmeat.

    Tripwire won't stop a break in to your system. But it will tell you if one has
    occurred. And that's critical, particularly if you have legal people who want
    proof that you're doing a responsible job.

    The problem with integrating Tripwire and CPanel is the need to tell Tripwire
    that files just downloaded from cpanel.net are legit and shouldn't cause
    Tripwire to go into a tizzy.

    I've written scripts that inform Tripwire of changes made by /scripts/sysup
    and /scripts/rpmup. They were comparatively easy because I was able to grab
    the list of RPMs that sysup and rpmup were downloading.

    My UNSOLVED problem is the other stuff that /scripts/upcp does: eg: running
    Installer and, frankly, whatever else it does.

    It would REALLY HELP if I knew what upcp was really doing; even better would
    be a list of files that it had added/changed/deleted.

    Once my work is completed, I would be PLEASED TO GIVE THEM to any and all who
    are interested/concerned about this issue.

    Tripwire can do many things. For example, it could email a customer if
    "unauthorized" changes have been made to their html files.

    So, can anyone help with *my* challenge? ie: knowing what files upcp (not sysup
    or rpmup) has touched?
     
  5. bdraco

    bdraco Guest

    cpanel should only modify stuff in /usr/local/cpanel from upcp :)
     
  6. alan

    alan Registered

    "cpanel should only modify stuff in /usr/local/cpanel from upcp", you say?
    ... In that case, there's more going on than I've surmised.
    A quick look shows:
    16 files in /usr/sbin (many of which seem exim related)
    16 files in /usr/lib (most of which are perl related)
    600 files in /root/.cpan
     
  7. bdraco

    bdraco Guest

    Those are from sysup and rpmup.. not upcp itself
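
The question running through this thread (which files an update run added, changed or deleted, and in which directories) can be answered without knowing the updater's internals by hashing the tree before and after the run and comparing the two manifests. The following is an added example, not code from the thread or from cPanel; the function names and the constructed demo tree are assumptions, and the three file operations in `demo` stand in for a real run such as /scripts/upcp.

```shell
#!/bin/sh
# snapshot DIR...: print "SHA256  PATH" for every regular file, sorted by path.
snapshot() {
    find "$@" -xdev -type f -exec sha256sum {} + | sort -k 2
}

# compare BEFORE AFTER: print "A path" (added), "C path" (changed), "D path" (deleted).
# sha256sum prints 64 hex digits plus a 2-character separator, so the path
# starts at column 67; taking it by position keeps paths with spaces intact.
compare() {
    awk '
        FILENAME == ARGV[1] { before[substr($0, 67)] = $1; next }
        {
            p = substr($0, 67); seen[p] = 1
            if (!(p in before))       print "A " p
            else if (before[p] != $1) print "C " p
        }
        END { for (p in before) if (!(p in seen)) print "D " p }
    ' "$1" "$2" | sort -k 2
}

# tally: read compare output on stdin, print "COUNT DIRECTORY" per parent directory.
tally() {
    awk '{ d = substr($0, 3); sub("/[^/]*$", "", d); n[d]++ }
         END { for (d in n) print n[d], d }' | sort -k 2
}

# demo: constructed tree standing in for the real filesystem. Manifests are
# written outside the tree so they are not hashed themselves.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr/sbin" "$t/usr/lib"
    echo v1 > "$t/usr/sbin/exim"
    echo v1 > "$t/usr/lib/old.pm"
    echo v1 > "$t/usr/lib/keep.pm"
    snapshot "$t" > "$t.before"
    echo v2 > "$t/usr/sbin/exim"      # changed by the simulated update
    rm "$t/usr/lib/old.pm"            # deleted by the simulated update
    echo v1 > "$t/usr/lib/new.pm"     # added by the simulated update
    snapshot "$t" > "$t.after"
    compare "$t.before" "$t.after" | sed "s|$t||"
    rm -rf "$t" "$t.before" "$t.after"
}
```

On a real host the `before` manifest should be stored where the update process cannot write to it, and the `A`/`C` paths from `compare` are the ones to hand to the integrity checker's own database update step after review.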
     