CentrioHost Blog

Stories and News from IT Industry, Reviews & Tips | Technology Blog


Symlink / Softlink Protection For Security In Apache – SOLVED

You may need to read the whole article before choosing it.

Step 1 :  You may need to  turn on “SymLinksIfOwnerMatch” in WHM Apache Global Configuration

Step  2:  Apply the Patch from rack9 , what he do is to turn on by default in apache  source and compile it to apply this patch please do it as follows,

wget http://layer1.rack911.com/before_apache_make -O /scripts/before_apache_make
chmod 700 /scripts/before_apache_make

#Rebuild apache after.

/scripts/easyapache

Step  3 :  Apply the Symlink Race condition patch from Blue Host. It is is now available in easy apache. To apply the patch, select Symlink Race Condition Protection from the Exhaustive Options list during the EasyApache build process.

Please read the whole article from  http://docs.cpanel.net/twiki/bin/view/EasyApache/Apache/SymlinkPatch

Now check the server if it is already have a Symlink

# find /home*/*/public_html -type l

All the above solutions can be exploited  easily too. Our Security team tested and find out it. But there is another  good option in cloud linux.

This issue can easily be fixed in Cloud linux Using the secure links. It is one of the best solution.  It use  a kernel level protection. You can enable it in sysctl.conf  by adding the following lines

fs.enforce_symlinksifowner = 1

You can set any of the followivg values

fs.enforce_symlinkowner == 0 -> do not check symlink ownership
fs.enforce_symlinkowner == 1 -> deny if gid == symlinkown_gid
fs.enforce_symlinkowner == 2 -> deny if gid > symlinkown_gid   [since kernel 2.6.32-379.19.1.lve1.2.8]

If you need to exclude Symlink check of a specific user , you can do it as follows,

fs.symlinkown_gid = XX   , where XX is the  UID

To apply the Sysctl changes , plese do it as follows,

sysctl -p

Please read more about it from  http://docs.cloudlinux.com/index.html?securelinks.html

Subscribe Now

10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!

Archive Calendar

SatSunMonTueWedThuFri
 123456
78910111213
14151617181920
21222324252627
28293031 

Over 20000 Satisfied Customers!

  • web hosting reviewer
    Valerie Quinn
    CTO, Acteon Group

    Centriohost staff were fantastic, I had a concern with a domain and they got back to me very quickly and they helped me to resolve the issue! ~ . . . Read more

  • Joomla hosting reviewer
    Collin Bryan
    Photographer, Allister Freeman

    I'm using centrio for my portfolio since 2006. The transition was seamless, the support was immediate, and everything works perfectly. ~ . . . Read more

  • dedicated server reviewer
    Harry Collett
    Actor, A&J Artists

    Very easy to understand & use even though I am not very technologically minded. No complications whatsoever & I wouldn't hesitate to recommend it to all. ~ . . . Read more

  • vps web hosting reviewer
    Porfirio Santos
    Technician, Diageo PLC

    Centrio support team have been amazingly responsive and helpful to any of my queries, thank you so much to the Centriohost have been amazingly responsive and helpful to any of my queries 👍👍👍 ~ . . . Read more

  • wordpress hosting plans reviewer
    Catherine Auer
    Doctor, SmartClinics

    Anytime I've had a problem I can't solve, I've found Centriohost to be diligent and persistent. They simply won't let an issue go until the client is happy. ~ . . . Read more

  • reseller hosting reviewer
    Effectivo Social
    Freelancer, Fiverr

    Recommend their shared hosting for all my SME web design clients. Their cloud or VME offerings are too great to deal with. Pricing is perfect and suitable for all users (͠≖ ͜ʖ͠≖) 👌 ~ . . . Read more

Top