
How to find and prevent symlink attack

Posted: Wed Apr 24, 2013 12:37 pm
by a24uall
How to find if there is a symlink attack:
ls /var/cpanel/users | grep -v "\`\|\.\|cpanel\|root\|mysql\|nobody" | while read -r CPUSER; do find "/home/$CPUSER" -type l -not \( -lname "/home/$CPUSER/*" -o -lname "*rvsitebuilder*" -o -lname "[^/]*" -o -lname "/usr/local/apache/domlogs/*" -o -lname "/usr/local/urchin/*" \) ; done
Symlink attacks can be prevented to an extent by editing the lines below in the Apache configuration file. Each server might have a different value depending on how Apache was configured, and you can change that to:
<Directory "/">
Options ExecCGI -FollowSymLinks Includes IncludesNOEXEC Indexes -MultiViews SymLinksIfOwnerMatch
AllowOverride AuthConfig FileInfo Limit Indexes Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,SymLinksIfOwnerMatch,MultiViews
</Directory>
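
Added example, not part of the original post: the find command above filters on the text stored in each link and skips relative targets (-lname "[^/]*"), so this Python script resolves every link under a home directory and flags those that end outside it or whose target has a different owner, the comparison SymLinksIfOwnerMatch is named for. The function names, the alice/bob tree and the file names are constructed for illustration.

```python
import os
import tempfile


def audit_symlinks(home):
    """Return sorted (link, resolved_target, reason) tuples for suspicious links under home."""
    home_real = os.path.realpath(home)
    findings = []
    for dirpath, dirnames, filenames in os.walk(home_real, followlinks=False):
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            # Resolve the full chain, so relative and nested links are judged
            # by where they end up, not by the text stored in the link.
            target = os.path.realpath(link)
            if os.path.commonpath([home_real, target]) != home_real:
                findings.append((link, target, "target outside home"))
                continue
            try:
                # Owner of the link itself (lstat) versus owner of what it points to (stat).
                if os.stat(link).st_uid != os.lstat(link).st_uid:
                    findings.append((link, target, "owner mismatch"))
            except OSError:
                pass  # dangling link that stays inside the home directory
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data: two homes, one safe link, one relative link that leaves the home."""
    alice = os.path.join(root, "home", "alice")
    bob = os.path.join(root, "home", "bob")
    os.makedirs(os.path.join(alice, "public_html"))
    os.makedirs(bob)
    for path in (os.path.join(alice, "notes.txt"), os.path.join(bob, "private.txt")):
        open(path, "w").close()
    os.symlink("../notes.txt", os.path.join(alice, "public_html", "ok.txt"))
    os.symlink("../../bob/private.txt", os.path.join(alice, "public_html", "x.txt"))
    return alice


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for link, target, reason in audit_symlinks(build_sample_tree(tmp)):
            print(f"{reason}: {link} -> {target}")
```

Run against real accounts, it needs enough privilege to stat every target, so on a shared host it would normally be run as root with each /home/USER passed to audit_symlinks.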