Results 1 to 3 of 3
-
08-30-2007, 10:38 PM #1Web Hosting Master
- Join Date
- May 2003
- Posts
- 852
7 security and settings questions (cpanel/WHM) server
Hello
Just have some questions regarding server settings and security
1) What will happen if
Open_basedir in php.ini is changed to
Open_basedir = /home:/tmp
??
2) What will happen if all hosted users in passwd file are set to /sbin/nologin ???
Dose it effect running the web site?
What are the effects if
Sync if set to /sbin/nologin default is /bin/sync
shutdown if set to /sbin/nologin default is /sbin/shutdown
halt if set to /sbin/nologin default is /sbin/halt
news if set to /sbin/nologin default is empty
netdump if set to /sbin/nologin default is /bin/bash
Mysql if set to /sbin/nologin default is /bin/bash
mailman if set to /sbin/nologin default is /bin/bash
cpanel if set to /sbin/nologin default is /bin/bash
3) How to make /bin/bash in passwd file is the default path for each new user added (automatically) in cpanel/whm server
4) What is the effect if base64_encode and base64_decode if been added in disable functions ?
5) How to secure host.conf and nsswitch.conf to prevent DNS lookup poisoning and also provide protection against spoofs??
6) How to secure the system configuration file sysctl.conf to prevent the TCP/IP stack from syn-flood attacks ??
7) What is ClamAV and how to disable it??Last edited by cannibal; 08-30-2007 at 10:42 PM.
-
08-31-2007, 03:59 AM #2Web Hosting Evangelist
- Join Date
- Jun 2006
- Location
- Cluj Napoca
- Posts
- 469
1. open_basedir set to /home wil result in everyone being able to browse the home folder. I do not recommand this if you will going to offer shared hosting. Some may need other php libraries so you will need to add other directories to open_basedir.
If you do not have open_basedir at all then setting it to home it's a good start.
2. it's ok to have /sbin/nologin, will not affect running websites (for this and the open_basedir settings you can look at cPanel how it handles everything)
3. In whm you can disable shell access so every new user will have /sbin/nologin. Also enable open_basedir protection and you will not need to configure anything else just let cPanel do the work.
4. If there are some sites that use base64 encode/decode you will affect them. Anything else I think will be ok.
5, 6 look in the tutorials forum, you will find a lot.
7 ClamAV is an antivirus. You can disable it through cPanel if it was installed by it.
-
08-31-2007, 04:34 AM #3Web Hosting Master
- Join Date
- Oct 2004
- Location
- Kerala, India
- Posts
- 4,771
You may do this to prevent httpd flooding.
Code:vi /etc/sysctl.conf # Enable TCP SYN Cookie Protection net.ipv4.tcp_syncookies = 1
David | www.cliffsupport.com
Affordable Server Management Solutions sales AT cliffsupport DOT com
CliffWebManager | Access WHM from iPhone and Android