Results 1 to 8 of 8
  1. #1
    Join Date
    Mar 2004
    Posts
    1,301

    * enable system commands?

    how likely your server would be easily hacked by allowing system/shecll commands? If I have to allow system functions, what do i need to do to make sure the server is safe?

    Thanks!

  2. #2
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,080
    Define system and shell commands. If you are goign to be giving shell acess you need to make sure and lock down the system along with keeping it update for the latest kernel exploits among other things.
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  3. #3
    Join Date
    Jul 2004
    Posts
    73
    I beleive he's referring to allowing the system(); function in PHP.
    The commands are executed through apache and therefore [should] be run as an unpriveleged user. So the only damage that could really be done is to the files apache has access to. Although, it may be advisable to install/read up on PHPSuExec

  4. #4
    Join Date
    May 2005
    Posts
    61
    If you referring to php...I would recommend you not to enable the system function

  5. #5
    Join Date
    Mar 2004
    Posts
    1,301
    sorry... I should've mentioned that it was for php.

  6. #6
    Join Date
    Nov 2004
    Location
    India
    Posts
    1,100
    Disbaling system() will create chaos among clients, because that will affect the functionality of certain softwares. Yes I do agree that enabling system () is a security risk, but it will be good if you enable phpsuexec so that you can watch the processes running with username and not with nobody. In this way you can catch who is the vulnerble user in your server.
    AssistanZ - Beyond Boundaries...
    Cloudstack Consultancy / 24x7 Web Hosting Support / 24x7 Server Management / Infrastructure Management Services
    Web & Mobile Apps Development / Web Designing Services / Php, Grails, Java Development

  7. #7
    Join Date
    May 2005
    Posts
    61
    Check this link to find the problems with allowing system function in php

    http://www.webhostingtalk.com/showth...hreadid=343755

  8. #8
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,686
    Leaving system() out will cause problems with your clients, end of story. That's an extremely poor way to run a business, what, telling clients "I'm sorry, but that function is disabled due to security reasons".. Errm, no, that offers very little more security, and there are ALWAYS ways around that.


    There are very valid reasons for system() calls, the most common being image galleries which call manipulation functions from the system directly. There's others, of course, but those are the most common.

    As to the original question:
    how likely your server would be easily hacked by allowing system/shecll commands?
    It all depends on how secure your server is, how populated it is, and how familliar you, specifically, are with Linux. If you have your server pretty much secured, yet talking to you every day, then you'll notice things that are off like hacks, etc.

    Unfortunately, with the idiots out there now, it's not "how likely", but "when". If you make it harder for them to hack by tightening security, keeping an eye on what's out there , in the server, then you won't notice it as much. however, it's still going to happen, due to poor software programming, more than anything else.
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •