  1. #1
    Join Date
    May 2003
    Posts
    852

    Question 7 security and settings questions (cpanel/WHM) server

    Hello

    Just have some questions regarding server settings and security

    1) What will happen if
    open_basedir in php.ini is changed to
    open_basedir = /home:/tmp
    ??

    2) What will happen if all hosted users in the passwd file are set to /sbin/nologin ???
    Does it affect running the web site?

    What are the effects if
    sync is set to /sbin/nologin (default is /bin/sync)
    shutdown is set to /sbin/nologin (default is /sbin/shutdown)
    halt is set to /sbin/nologin (default is /sbin/halt)
    news is set to /sbin/nologin (default is empty)
    netdump is set to /sbin/nologin (default is /bin/bash)
    mysql is set to /sbin/nologin (default is /bin/bash)
    mailman is set to /sbin/nologin (default is /bin/bash)
    cpanel is set to /sbin/nologin (default is /bin/bash)


    3) How to make /bin/bash in the passwd file the default path for each new user added (automatically) on a cPanel/WHM server?

    4) What is the effect if base64_encode and base64_decode have been added to disable functions?

    5) How to secure host.conf and nsswitch.conf to prevent DNS lookup poisoning and also provide protection against spoofs??

    6) How to secure the system configuration file sysctl.conf to prevent the TCP/IP stack from syn-flood attacks ??

    7) What is ClamAV and how to disable it??
    Last edited by cannibal; 08-30-2007 at 10:42 PM.

  2. #2
    Join Date
    Jun 2006
    Location
    Cluj Napoca
    Posts
    469
    1. open_basedir set to /home will result in everyone being able to browse the home folder. I do not recommend this if you are going to offer shared hosting. Some may need other PHP libraries, so you will need to add other directories to open_basedir.
    If you do not have open_basedir at all, then setting it to home is a good start.
    2. It's OK to have /sbin/nologin; it will not affect running websites (for this and the open_basedir settings you can look at how cPanel handles everything).

    3. In WHM you can disable shell access so every new user will have /sbin/nologin. Also enable open_basedir protection and you will not need to configure anything else; just let cPanel do the work.

    4. If there are some sites that use base64 encode/decode you will affect them. Anything else I think will be ok.

    5, 6 look in the tutorials forum, you will find a lot.
    7 ClamAV is an antivirus. You can disable it through cPanel if it was installed by it.
    IntoDNS - Check your DNS health and configuration
    FLEIO - OpenStack billing and control panel for service providers
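
An added example, not part of any post in this thread: a small audit that reads passwd-format data and lists the accounts that still have an interactive login shell, which is the set the /sbin/nologin change in question 2 would affect. The sample entries are constructed, and the UID threshold of 500 separating system accounts from hosted users is an assumption; an empty shell field is treated as interactive because passwd(5) defaults it to /bin/sh.

```python
# Added example: classify the login shell of each account in passwd-format data.
NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
# Shell fields from the question that run one command and exit, not a login shell.
SINGLE_COMMAND = {"/bin/sync", "/sbin/shutdown", "/sbin/halt"}
UID_MIN = 500  # assumption: first UID given to hosted (non-system) accounts

# Constructed sample, not taken from a real server.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
news:x:9:13:news:/etc/news:
mysql:x:100:101:MySQL server:/var/lib/mysql:/bin/bash
mailman:x:41:41:mailman:/var/mailman:/bin/bash
alice:x:32010:32010::/home/alice:/sbin/nologin
bob:x:32011:32011::/home/bob:/bin/bash
"""


def classify_shell(shell):
    """Return 'nologin', 'single-command' or 'interactive' for a shell field."""
    if shell in NOLOGIN:
        return "nologin"
    if shell in SINGLE_COMMAND:
        return "single-command"
    # Anything else, including an empty field (defaults to /bin/sh), can log in.
    return "interactive"


def audit(passwd_text, uid_min=UID_MIN):
    """List (name, role, shell) for non-root accounts with an interactive shell."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue  # skip comments and malformed entries
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        if uid == 0 or classify_shell(shell) != "interactive":
            continue  # root keeps its shell; nologin/single-command are fine
        role = "system" if uid < uid_min else "hosted"
        findings.append((name, role, shell or "(empty -> /bin/sh)"))
    return findings


if __name__ == "__main__":
    for name, role, shell in audit(SAMPLE_PASSWD):
        print(f"{role:7} {name:10} {shell}")
```

To check a live server, pass the contents of /etc/passwd to `audit()` instead of the sample.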

  3. #3
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,771
    You may do this to prevent httpd flooding.

    Code:
    vi /etc/sysctl.conf
    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android
