Symlink / Softlink Protection For Security In Apache – SOLVED
- Category : Linux Helpline (Easy Guide)
- Posted on : Apr 05, 2019
- By : Barton S.
Read the whole article before choosing a solution.
Step 1: You may need to turn on “SymLinksIfOwnerMatch” in the WHM Apache Global Configuration.
Step 2: Apply the patch from Rack911. It turns the option on by default in the Apache source and compiles it in. To apply this patch, do the following:
wget http://layer1.rack911.com/before_apache_make -O /scripts/before_apache_make
chmod 700 /scripts/before_apache_make
# Rebuild Apache afterwards.
/scripts/easyapache
Step 3: Apply the symlink race condition patch from Bluehost. It is now available in EasyApache. To apply the patch, select Symlink Race Condition Protection from the Exhaustive Options list during the EasyApache build process.
Please read the whole article from http://docs.cpanel.net/twiki/bin/view/EasyApache/Apache/SymlinkPatch
Now check whether the server already has symlinks:
# find /home*/*/public_html -type l
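The find command above lists every symlink, including harmless ones. The following added example (not part of the original article) goes further and reports only links whose owner differs from the target's owner, which is the condition SymLinksIfOwnerMatch tests, plus links that resolve outside the account's home or point nowhere. The function name audit_symlinks and the reason labels are hypothetical; GNU find, stat and readlink are assumed.

```shell
# Added example: audit_symlinks is a hypothetical helper, not a cPanel or CloudLinux tool.
# Assumes GNU find, stat and readlink.
#
# audit_symlinks HOME_DIR...
# Prints one tab-separated line per suspicious link: REASON  LINK  TARGET
#   OWNER_MISMATCH  link owner differs from target owner
#   OUTSIDE_HOME    same owner, but target resolves outside the account's home
#   DANGLING        target does not exist
audit_symlinks() {
    for home in "$@"; do
        [ -d "$home/public_html" ] || continue
        home_real=$(readlink -f -- "$home") || continue
        find "$home/public_html" -type l -exec sh -c '
            home_real=$1; shift
            for link in "$@"; do
                target=$(readlink -f -- "$link")
                if [ -z "$target" ] || [ ! -e "$target" ]; then
                    printf "DANGLING\t%s\t%s\n" "$link" "$(readlink -- "$link")"
                    continue
                fi
                link_uid=$(stat -c %u -- "$link")      # owner of the link itself
                target_uid=$(stat -c %u -- "$target")  # owner of the resolved target
                if [ "$link_uid" != "$target_uid" ]; then
                    printf "OWNER_MISMATCH\t%s\t%s\n" "$link" "$target"
                    continue
                fi
                case $target in
                    "$home_real"|"$home_real"/*) ;;    # stays inside the account
                    *) printf "OUTSIDE_HOME\t%s\t%s\n" "$link" "$target" ;;
                esac
            done
        ' sh "$home_real" {} +
    done
}

# When home directories are passed as arguments, audit them, e.g. /home*/*
if [ "$#" -gt 0 ]; then
    audit_symlinks "$@"
fi
```
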
All of the above solutions can also be exploited easily; our security team tested them and confirmed it. There is, however, another good option in CloudLinux.
This issue can easily be fixed in CloudLinux using SecureLinks. It is one of the best solutions because it uses kernel-level protection. You can enable it in sysctl.conf by adding the following line:
fs.enforce_symlinksifowner = 1
You can set any of the following values:
fs.enforce_symlinksifowner == 0 -> do not check symlink ownership
fs.enforce_symlinksifowner == 1 -> deny if gid == symlinkown_gid
fs.enforce_symlinksifowner == 2 -> deny if gid > symlinkown_gid [since kernel 2.6.32-379.19.1.lve1.2.8]
If you need to exclude a specific user from the symlink check, you can do it as follows:
fs.symlinkown_gid = XX, where XX is the UID
To apply the sysctl changes, run:
sysctl -p
Please read more about it from http://docs.cloudlinux.com/index.html?securelinks.html