Recent Blog Posts

VirtFS (Jailed Shell)

Overview cPanel & WHM uses VirtFS to provide a jailed shell environment for users who connect to a server via SSH. The jailed shell acts as a container for the user, and does not allow the user to access other users’ home directories on the server.Unlike a normal shell environment, a jailed shell environment increases  security for a server’s other users. Users in a jailed shell environment can run otherwise-unavailable...

Read More

HOW TO DISABLE SYMLINKS ON LINUX WHM/CPANEL

Login to WHM/cPanel server via SSH with root access and execute following commands:$ wget http://layer1.rack911.com/before_apache_make -O /scripts/before_apache_make $ chmod 700/scripts/before_apache_make And then recompile apache by previous saved profile:$ /scripts/easyapache That is all, you can also check for any symbolic links already created:$ find /home*/*/public_html -type l This will output directories and files...

Read More

Protecting your cPanel/WHM server from SSLv3 POODLE vulnerability

Here is a quick script for you to check if your cPanel/WHM server is vulnerable. Execute the following as root. If you get ANY cipher output, your server can be considered vulnerable.for port in 21 443 465 993 995 2083 2087 2078 2096; do echo “Scanning $port”; for cipher in $(openssl ciphers -sslv3 ‘ALL:eNULL’ | sed -e ‘s/:/ /g’); do echo -n | openssl s_client -sslv3 -cipher “$cipher”...

Read More

Centralised logging and monitoring server

Philosophical ramblings Why? Two reasons, network administration and security. From an administrative POV the server should be reliable, placed on a central point on the network, able to directly reach as many of the monitored items as possible so that the exact point of failure can be easily determined. It can’t do much monitoring if it’s not working due to hardware problems and by making it reach as many things as possible in as few hops...

Read More

C – fork a child process using vfork()

Creates a child process using vfork(). The child increments a global variable (glob) and a local one (var) and returns the corresponding process id of the respective process. With vfork() the child uses the same environment as the parent, so if the child changes these values, the parent uses the changed ones too.  /* creates a child process using vfork(). * the child increments a global variable (glob) * and a local one (var) and...

Read More