EasyApache 4 secure solution
I am struggling to find a solution to a problem.
Using PHP I have written a script to check some security settings. The PHP file lists all the accounts in the /home directory, then scans through public_html folders, opens up config files and gets the username and password to the MySQL databases for other users, connects to MySQL, etc. I guess you can then read all mail from other people's accounts too.
I am trying to prevent any read access through PHP outside the accounts home.
However, I have tried to provision all profiles as supplied by EasyApache but can't stop the script from doing the above.
I must be missing something big here? Any comments would help.
dso-suphp handler you using?
I do feel this could be better documented. By default (i.e. without a jail), as you have seen, the basic operating system file permissions are king. I've not played with it for a while (so may be talking out of my arse), but if you are jailing each user with cPanel jailshell and virtualhosts with Apache mod_ruid2, you would then want to run PHP as dso per the document below: Tweak Settings - Security - Documentation - cPanel Documentation.
Hello,
The previous post offers some helpful information on this topic. Feel free to let us know the current PHP handler you are using if you would like additional advice:
/usr/local/cpanel/bin/rebuild_phpconf --current
Also, you may find this document helpful: Symlink Race Condition Protection - EasyApache - cPanel Documentation
Thank you.
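An added example (not from any poster in this thread, and not cPanel code): a small shell audit for the condition the first reply describes, where without a jail the file permissions decide what another account's PHP can read. It assumes GNU/Linux find, homes under one root with a public_html web root, and an illustrative list of config file names; it checks only the "other" permission bits, not group access by the web server user.

```shell
#!/bin/sh
# audit_home_perms is a hypothetical helper name (added example).
# Usage: audit_home_perms [home_root]     (home_root defaults to /home)
# Output lines:
#   HOME_TRAVERSABLE <dir>        home directory has o+x set
#   CONFIG_WORLD_READABLE <file>  config file has o+r set

audit_home_perms() (
    root="${1:-/home}"
    for home in "$root"/*/; do
        home="${home%/}"
        [ -d "$home" ] || continue

        # o+x on the home directory lets any other local account, and any
        # PHP process not running as the owner, reach known paths inside it.
        find "$home" -maxdepth 0 -perm -o=x | sed 's/^/HOME_TRAVERSABLE /'

        [ -d "$home/public_html" ] || continue

        # Config files that typically hold database credentials.
        # The name patterns are illustrative; extend them for your apps.
        find "$home/public_html" -type f \
            \( -name 'wp-config.php' -o -name 'configuration.php' \
               -o -name 'config*.php' -o -name '.env' \) \
            -perm -o=r | sed 's/^/CONFIG_WORLD_READABLE /'
    done
)
```

Run it as root with `audit_home_perms /home`; an empty result means no home directory or matching config file grants access through the "other" bits.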