Symlink Attacks Solutions

This attack usually occurs after the attacker has been able to read the contents of the /etc/passwd file and has enumerated the server’s users.

The attacker then runs a script which blindly builds symbolic links (a bit like shortcuts on Windows or Aliases on a Mac) to locations where configuration files for commonly used CMS might be kept in each user’s home directory.

If you enable both of the configuration settings SymLinksIfOwnerMatch and FollowSymLinks, Apache will be vulnerable to a race condition through symlinks. This symlink vulnerability allows a malicious user to serve files from anywhere on a server that has not been protected by strict OS-level permissions.

symlink-attack

Use the following Solutions to prevent from Symlink attack valnurablities in cpanel

Filesystem-level solutions

Enable mod_ruid + jailshell for your apache webserver.

This option is very easy to enable. Simply recompile Apache and then enable Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell in Tweak Settings.

cageFS

CageFS is a virtualized file system and a set of tools to contain each user in its own ‘cage’. This option is available on all cPanel-supported platforms today, and it is already included with CloudLinux.

Kernel + Apache solutions

Kernel level protection, you can’t really get any better then this. Requires a custom kernel GRsec, etc., and the burden of maintaining and installing it.

Mod_hostinglimits securelinks with CloudLinux kernel

If you currently use CloudLinux, this option has already been installed. The directive will not affect VirtualHosts which do not have a specified user id.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

cPHulk Brute Force Protection

WHM/cPanel has a service, protected from Brute Force attack, which is called “cPHulk Brute Force...

Enable SSH key authorized login without root password

You need to generate SSH Key ( the private key )on your cpanel server and then update remote...

How can I Redirect URLs in cPanel

Login your cpanel 1. Click the Redirects button on the front page under the “domains” 2. Enter...

Enable Custom php.ini for Fast CGI

With fast-cgi, custom php.ini needs to be in the cgi-bin folder. 1) Move php.ini to cgi-bin...

ConfigServer Firewall CSF installation

ConfigServer firewall is a popular linux firewall security suite. It is easy to install, flexible...

Powered by WHMCompleteSolution