chmod 700 kill binaries ok?
I noticed more and more exploits use killall -9 and such.
I would like to chmod 700 kill, killall, pkill, skill on a CentOS cPanel server. There are no other shell users on the server.
I assume this doesn't cause any problems as usually only root issues kill commands, correct?
I can't see it causing too many problems. I don't see what it will add though. If something is getting in to run kill commands, it shouldn't do much damage unless it is running as root.
If the attacker is running as root your chmod won't help at all. If they are logged in as a user, the kernel wouldn't let them kill any processes other than what they own.
Maybe renaming kill to something else would do more to stop automated scripts?
Just a thought
Agreed, but coming in through a PHP script hole (assuming PHP runs under nobody), they could kill Apache processes.
Also, quite a few exploits seem to start with 'killall -9 perl' before they continue with their cd tmp wget stuff.
I just see it as an extra layer of security, can't have enough of those layers
I can't see anything wrong in chmod'ing them to 700.
But as rat0042 said, I am not sure how helpful it will be. Anyway, give it a try and let's see how it goes.
I think a better idea would be to chmod 0700 all compilation tools (gcc, etc.) if you have those installed. Also do the same with lynx, wget, curl, etc.
Some of the exploits gain some access to the server or a process running on the server, then download the actual script to set up their own shell or whatnot. By chmod'ing those files, you make their job a little harder. Maybe enough to ward away the lazy script kiddies.
Yes, I agree that's more important and it's something I always do. It's just that I noticed the exploits are using killall a lot, so I thought why not secure that as well.
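An added example, not posted by anyone in this thread: a read-only audit that lists which of the tools named above are still executable by non-root users, so you can see what a chmod 0700 pass has and has not covered. It assumes GNU `stat` (as on CentOS); the directory list and function names are assumptions.

```shell
#!/bin/sh
# Added example: read-only audit, changes nothing on disk.
# Tool names are the ones mentioned in the thread.
TOOLS="kill killall pkill skill gcc lynx wget curl"

# Print "<mode> <owner> <path>" for each tool found in the given
# directories whose "other" execute bit is still set.
# $1: space-separated list of directories to check.
audit_world_exec() {
    for dir in $1; do
        for tool in $TOOLS; do
            path="$dir/$tool"
            [ -f "$path" ] || continue
            # -L follows symlinks so we read the mode of the real binary.
            info=$(stat -L -c '%a %U' "$path") || continue
            mode=${info%% *}
            # Last octal digit is the "other" class; odd means execute.
            case "$mode" in
                *[1357]) printf '%s %s\n' "$info" "$path" ;;
            esac
        done
    done
}

# kill is a builtin in bash and dash, so the mode of /bin/kill does not
# affect "kill" typed inside those shells. Returns 0 if that is the case
# for the shell running this script.
kill_is_builtin() {
    case "$(type kill 2>/dev/null)" in
        *builtin*) return 0 ;;
        *) return 1 ;;
    esac
}

# Assumed binary locations; adjust for your layout.
audit_world_exec "/bin /usr/bin /usr/local/bin"
if kill_is_builtin; then
    echo "note: this shell has a builtin kill; chmod on the kill binary does not restrict it"
fi
```

Any line it prints is a binary that a process running as nobody can still execute.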