Security question!

[Domenico]

http://www.bastille-linux.org

Can this be run on a cpanel/red-hat server without messing everything up?

I'm getting tired of cpanel taking over the system. I really want to know what I can and can't do. Wich files can I touch and don't touch.

Please cpanel/nocsoft developers react and keep this in mind with nocsoft. Don't focus just on the panel but also on securing the box in any way.

THANK YOU!

[Edited on 9/12/01 by Domenico]

 

[MichaelShanks]

From my experience Cpanel doesn\'t take over the system it is usually the 3rd party applications that are included with cpanel that in some way screw things up, It would be nice if in WHM you could disable the certain services you do not wish run on your server.

Regards to your question, a default install of that program will probably stop some functionality of Cpanel, the firewall in itself will probably block off the ports Cpanel uses in its default setting, it actually looks like more of a frontend to common sense,


I\'d say installing an application like that has a 90% chance of interfering with the smooth running of your server.

Mike

 

[Domenico]

Hi,

Ok, but don\'t you think the developers of cpanel/nocsoft do have to think about security too?

The default server settings really don\'t cut it. Also WHM should have more options regarding security.

What do you think?

 

[MichaelShanks]

Personally I find cpanel secure enough, Nick keep up with patches on the services he provides with Cpanel, anything else relating to Redhat I believe is related to the sysadmin and personally I attempt to keep as uptodate as possible, Cpanel is host management software not security management software, of course it would be nice if security features were implemented but I am not saying that they should,

Believe me I help manage a network of around 100 Cpanel boxes run on 3 datacentres around the world and security is never something taken lightly or something I belive should be relied on one product to deliver.

Mike

 

[Domenico]

I aggree but I don\'t think you got my point.

I just don\'t know what I can touch without cpanel falling apart. I want the cpanel developers to document what is mission critical for cpanel to run.

At this point it is just a matter of trial by error but with that many clients on a box you just can\'t experiment don\'t you think?

 

[MichaelShanks]

Cpanel as a rule of thumb utilizes these files only i believe

These files

/etc/proftpd.conf
/etc/named.boot
/etc/named.conf
/etc/group
/etc/passwd
/etc/shadow
/etc/localdomains
/etc/resolv.conf
/etc/domainalias
/etc/localdomains
/etc/ips
/usr/local/cpanel/conf/general.conf
/usr/local/apache/conf/httpd.conf
/etc/httpd/conf/access.conf

These Directories

/etc/valiases
/etc/proftpd
/var/named
/var/cpanel/users
/etc/aliases
/etc/vfilters
/var/cpanel/Counters
/var/spool/mail
/var/spool/cron
/var/lib/mysql
/usr/local/frontpage
/usr/local/bandmin
/home/mailacct
/var/cpanel