Category Archives: Hardening

How to prevent from symlink

Hello all :D
This is just a short article about security.

How do you prevent symlinking?
So let's do it.

First step: "change the permissions of the ln command"

sudo su
cd /bin
chmod 400 ln

Second step: "edit the php.ini configuration"
To find the php.ini file:

locate php.ini

Edit php.ini:

nano /etc/php5/apache2/php.ini

Search for "disable_functions" and put the following in the list:

disable_functions = symlink,system,shell_exec,eval,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinumcols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,ftp,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,popen,fpassthru,php_uname,pcntl_exec

Then restart the services:

/etc/init.d/apache2 restart
/etc/init.d/php5 restart

So it is short, and I hope this makes your server secure :D
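
One way to check both steps afterwards, as an added example that is not part of the original post: the script reads the effective disable_functions line from a php.ini and tests whether ln is still executable by ordinary users. The REQUIRED subset, the helper names and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. The REQUIRED subset and the
# helper names are assumptions; the sample php.ini is constructed.

# Functions from the post's list that create links or spawn processes.
REQUIRED="symlink system shell_exec exec passthru popen proc_open pcntl_exec"

# Print the effective disable_functions entries of php.ini $1, one per line.
# Lines commented out with ';' are skipped; the last assignment wins.
disabled_functions() {
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=//p' "$1" |
        tail -n 1 | tr -d '"' | tr 'A-Z' 'a-z' | tr ', \t' '\n\n\n' | sed '/^$/d'
}

# Print each function in $2.. that php.ini $1 leaves enabled.
# Returns 1 if any is missing from disable_functions, 0 otherwise.
missing_functions() {
    ini=$1; shift
    current=$(disabled_functions "$ini")
    rc=0
    for fn in "$@"; do
        printf '%s\n' "$current" | grep -qxF -- "$fn" || { echo "$fn"; rc=1; }
    done
    return "$rc"
}

# Succeeds if users other than owner and group can still execute $1.
world_executable() {
    [ -n "$(find -L "$1" -prune -perm -0001 2>/dev/null)" ]
}

demo() {
    sample=$(mktemp)
    # Constructed sample: the first line is commented out, so only the second
    # counts, and it omits several functions from REQUIRED.
    cat > "$sample" <<'EOF'
;disable_functions = symlink,system,exec
disable_functions = symlink, System ,shell_exec,,passthru,
EOF
    echo "still enabled in sample php.ini:"
    missing_functions "$sample" $REQUIRED || :
    rm -f "$sample"
    world_executable /bin/ln && echo "/bin/ln is executable by other users"
    return 0
}
demo
```

To audit the live configuration, call `missing_functions /etc/php5/apache2/php.ini $REQUIRED`, using the path from the post.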

The post How to prevent from symlink appeared first on ndesocode.

Securing cPanel After Install

Secure your cPanel before someone pwns you.

Tweak Settings

Under Main » Server Configuration » Tweak Settings, enable (E) or disable (D) the following options:

Prevent users from parking/adding on common internet domains. (E)
Attempt to prevent pop3 connection floods (E)
Default catch-all/default address behavior for new accounts (Blackhole)
Use jailshell as the default shell for all new accounts and modified accounts (E)
Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc. (E) You must first generate server SSL certificates for your hostname at Main » Service Configuration » Manage Service SSL Certificates.
BoxTrapper Spam Trap (D)
Allow cPanel users to reset their password via email (D)
Send passwords in plaintext over email when creating a new account (D)
Only permit cpanel/whm/webmail to execute functions when the browser provides a referrer (E)

Apache Settings

Under Main » Service Configuration » Apache Configuration » Global Configuration, perform the following:

SSLCipherSuite: ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
TraceEnable: Off
ServerSignature: Off
ServerTokens: Product Only
FileETag: None
MaxRequestsPerChild: 1000

Also under Apache Configuration, use Modify Apache Memory Usage to manage child process memory handling.

PHP Settings

First and foremost, we recommend enabling SuPHP for security reasons. Please see the following article: Enabling SuPHP.

Also recommended are the following PHP settings. Please be aware of the implications of each and their effect on your scripts (i.e. they may break some poorly coded or older scripts). The PHP configuration file, php.ini, can be edited inside WHM under Main » Service Configuration » PHP Configuration Editor by switching to Advanced Mode.

enable_dl = Off
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen
register_globals = Off

Also consider enabling the Main » Security Center » PHP open_basedir Tweak.

FTP Settings

Found under Main » Service Configuration » FTP Server Configuration:

Allow Anonymous Logins: No
Allow Anonymous Uploads: No
Allow Logins with Root Password: No

Miscellaneous Tweaks

Main » Security Center » Shell Fork Bomb Protection (E)
Main » System Health » Background Process Killer (E)
Main » Security Center » Compiler Access (D)

The post Securing cPanel After Install appeared first on ndesocode.