Script uploaded to account concerns
Hey guys,
So I have put everything I can think of in place to protect our server:
* CageFS enabled in CloudLinux
* CFS
* Apache mod directory protection
* PHP Basedir
* Follow Symlink if Owner matches
* Disable_functions list "show_source, system, shell_exec, passthru, exec, popen, proc_open"
And so many other things, but when we run this - Removed - which someone planted on our server as a user, they can still VIEW things outside their /home. They can't upload or edit, but they can sure as hell view it, though not inside /home: in the /home dir they can only see their own account, but they can go around and see things that are "root:root".
I uploaded an example of this, but of course blacked out any sensitive data. Can anyone assist me in getting this fixed? I refuse to believe cPanel has no fix for this, since SELinux can't just be enforced.
I find it highly inappropriate that a client can plant a .php file there and start rummaging around our /root.
UPDATE: After thorough inspection, he can't do much. He can't edit any files, really; he can view very few files, but the idea of him being able to see outside his /home/user/ directory at all is just unnerving.
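The post relies on two PHP settings: "PHP Basedir" is PHP's open_basedir, which limits the paths PHP's own file functions may touch, and disable_functions, which blocks the listed functions (open_basedir does not apply to subprocesses spawned by system(), exec() and friends, so the two have to be checked together). The following is an added example, not a script from the thread or from cPanel or CloudLinux: a POSIX sh audit that reads a php.ini (global or per-account) and reports whether open_basedir is set and whether disable_functions covers every function named in the post. The ini fragments it runs against at the end are constructed for the demo, and the file locations are assumptions.

```shell
# Added example (not from the thread): audit a php.ini for the two settings
# the post relies on. Assumes POSIX sh plus grep, sed, tr and mktemp.

# Functions the thread's disable_functions list blocks; a hardened ini must
# name every one of them.
REQUIRED_DISABLED="show_source system shell_exec passthru exec popen proc_open"

# ini_value FILE KEY -> prints the value of KEY (last uncommented occurrence),
# with surrounding whitespace and double quotes stripped, or nothing if unset.
ini_value() {
    grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" 2>/dev/null \
      | tail -n 1 \
      | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//' \
            -e 's/^"//' -e 's/"$//'
}

# check_php_ini FILE -> prints one finding per line; returns 0 if both settings
# pass, 1 if either fails.
check_php_ini() {
    file=$1
    rc=0

    basedir=$(ini_value "$file" open_basedir)
    if [ -z "$basedir" ]; then
        echo "FAIL: open_basedir is not set (PHP file functions may read any path the account user can)"
        rc=1
    else
        echo "OK: open_basedir=$basedir"
    fi

    # disable_functions is comma separated; turn it into a word list.
    disabled=$(ini_value "$file" disable_functions | tr ',' ' ')
    missing=""
    for fn in $REQUIRED_DISABLED; do
        found=0
        for d in $disabled; do
            [ "$d" = "$fn" ] && found=1
        done
        [ "$found" -eq 0 ] && missing="$missing $fn"
    done
    if [ -n "$missing" ]; then
        echo "FAIL: disable_functions is missing:$missing"
        rc=1
    else
        echo "OK: disable_functions covers the required list"
    fi
    return $rc
}

# Demo on two constructed ini fragments (not real server files): one weak,
# one that matches the settings listed in the post.
DEMO=$(mktemp -d)
printf 'display_errors = Off\n' > "$DEMO/weak.ini"
cat > "$DEMO/hardened.ini" <<'EOF'
open_basedir = "/home/example:/tmp"
disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open
EOF
for f in "$DEMO/weak.ini" "$DEMO/hardened.ini"; do
    echo "== $f"
    check_php_ini "$f" || echo "-> $f needs attention"
done
rm -rf "$DEMO"
```

On a cPanel host the global file is usually the php.ini reported by `php --ini`; per-account overrides live wherever the PHP handler in use reads them, so run the check against each file that actually applies to the account in question rather than only the global one.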
You should change any passwords you might have used with this script on an account, just to be safe. Some of them do phone home when run, as you have here by opening it.
I haven't used anything, I just clicked the URL as the user and browsed around. I just see I can go out of the cPanel environment to /root and see some stuff; I can view only a fraction of the files. What worries me is that in the first place cPanel doesn't have this secured, and I have CloudLinux and CageFS. I just don't like that he can go outside /home/user at all, even if he can't plant, change, write or download any files; he can only see files and filenames and only open a fraction of them using this. No passwords to change, as I haven't logged into anything. I haven't written a password once.
Hello,
This is normal due to the nature of how the filesystem works on Linux. Note that while you may be able to view some directories outside of /home, all account-specific data should be restricted (e.g. no valuable data is available to end users).
Thank you.
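The reply above comes down to standard Unix mode bits: a file whose "other" read bit is set is readable by every local user, including a customer's PHP process, whether or not it lives under /home. The useful follow-up for an admin is therefore not to ask why a directory is visible but to confirm that nothing sensitive inside it is world-readable. The following is an added example, not a script from the thread or from cPanel: a POSIX sh audit that lists every regular file under a tree with the other-read bit set (`find -perm -004`), so each hit can be reviewed and tightened with `chmod o-r`. The directory tree it runs against is constructed for the demo, and the file names and contents are made up.

```shell
# Added example (not from the thread): find regular files that any local
# user can read. Assumes POSIX sh plus find, wc, tr and mktemp.

# world_readable_files DIR -> prints every regular file under DIR whose
# "other" read bit (octal 004) is set. Unreadable subtrees are skipped quietly.
world_readable_files() {
    find "$1" -type f -perm -004 2>/dev/null
}

# count_world_readable DIR -> prints how many such files exist under DIR.
count_world_readable() {
    world_readable_files "$1" | wc -l | tr -d ' '
}

# Demo on a constructed tree that mirrors the thread's situation: a directory
# outside /home that holds one file left at 0644 and one already fixed to 0600.
DEMO=$(mktemp -d)
mkdir -p "$DEMO/opt/app"
echo 'db_password=constructed-example' > "$DEMO/opt/app/config.ini"
chmod 0644 "$DEMO/opt/app/config.ini"      # readable by everyone: should be flagged
echo 'api_key=constructed-example' > "$DEMO/opt/app/secrets.env"
chmod 0600 "$DEMO/opt/app/secrets.env"     # owner only: should not be flagged
echo "World-readable files under $DEMO ($(count_world_readable "$DEMO") found):"
world_readable_files "$DEMO"
rm -rf "$DEMO"
```

The check looks only at mode bits, so it works the same whoever runs it; run it as root over /etc, /opt, /usr/local and any application directories, and treat every hit that holds credentials or customer data as something to lock down rather than something to hide by directory name.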