Enhancing Security

When you share a single physical server between many users, you consider all security aspects thoroughly. Although Panel provides an acceptable security level, there are suggested ways to improve it. This chapter provides instructions on protecting Panel server and hosted domains from unauthorized access.

Restricting Script Execution in the /tmp Directory

To secure the Panel server, it is recommended to create /tmp as a separate partition and mount it with noexec and nosuid options. These options do the following:

• noexec disables the executable file attribute within an entire file system, effectively preventing any files within the file system from being executed.
• nosuid disables the SUID file-attribute within an entire file system. This prevents SUID attacks on, say, the /tmp file system.

To secure the /tmp partition of your Panel server:

• If /tmp is a separate partition on the server, you only need to edit /etc/fstab and add the noexec and nosuid options for /tmp. Then remount the partition.
• If the /tmp directory resides on the / partition:
  1. Create a new partition for /tmp, for example with a size of 512 MB:

     # mkdir /filesystems

     # dd if=/dev/zero of=/filesystems/tmp_fs seek=512 count=512 bs=1M

     # mkfs.ext3 /filesystems/tmp_fs

  2. Add the following line to /etc/fstab:

     /filesystems/tmp_fs /tmp ext3 noexec,nosuid,loop 1 1

  3. Move the current /tmp directory content to another location.
  4. Mount the new /tmp partition:

     # mount /tmp

  5. Move the content from the old /tmp directory to the new one.

Configuring Site Isolation Settings

Parallels Plesk Panel allows you to define non-secure settings for web hosting. You can do this if you have permission to override server-wide hosting security restrictions. If you do not have this permission, you can manage only options specified in the PRODUCT_ROOT_D/admin/conf/site_isolation_settings.ini file, where the $PRODUCT_ROOT_D is /usr/local/psa for RPM-based systems or /opt/psa on DEB-based systems.

The configuration file specifies the list of allowed values for hosting options:

[hosting]

php = on

php_handler_type = fastcgi

;python = off

;perl = off

;fastcgi = any

;miva = off

;ssi = any

;ssl = on

;shell = /usr/local/psa/bin/chrootsh

;asp = any

;php_safe_mode = on

;coldfusion = off

In this file, you can uncomment a line by removing the semi-colon (;) and comment out a line by adding the semi-colon (;) in the beginning of the line.

You can set the following options values:

• on and off for scripting options.
• module, fastcgi, cgi for php_handler_type.
• A line from /etc/shells file for shell.
• any for any option if the option value is not restricted.

In addition, there are the following restrictions for options values:

• If the php is off, the php_handler_type and the php_safe_mode SHOULD be any.
• If the fastcgi is off, the php_handler_type SHOULD NOT be fastcgi.

Protecting from Running Tasks on Behalf of root

By default, Parallels Plesk Panel allows utilities or scripts to be run on behalf of root in two cases:

• Scheduling tasks with the cron manager
• Handling events with the Event Manager tool

This makes Panel server vulnerable to malicious software. To eliminate these vulnerabilities, create the following files and leave them empty:

• $PRODUCT_ROOT_D/var/root.crontab.lock prevents users from running cron tasks and viewing the list of tasks scheduled on behalf of root.
• $PRODUCT_ROOT_D/var/root.event.handler.lock prevents users from creating event handlers functioning on behalf of root.

The $PRODUCT_ROOT_D is /usr/local/psa for RPM-based systems or /opt/psa on DEB-based systems

Leave your comments on this page