CageFS (3.2-12.el5) and /var question

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • CageFS (3.2-12.el5) and /var question

    With the default cagefs.mp having:

    Code:
    /var/lib/mysql
    /var/spool
    /var/cpanel
    /dev/pts
    /usr/local/apache/domlogs
    /proc
    /opt

    in /var/spool/mail as a caged user I can see all usernames of all other accounts.
    It's not a big deal but still remains a threat, someone can harvest all usernames
    and start guessing / brute forcing passwords, or guess the domain names from them
    (cPanel creates usernames based on the domain) and start digging into it more...

    Can I somehow block access to it?

  • #2
    Hello!

    Please remove the line
    /var/spool
    from the /etc/cagefs/cagefs.mp file
    and then execute
    cagefsctl --remount-all

    Comment
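
The edit from post #2 as a script, added here as an example (not part of any poster's reply and not CloudLinux tooling): it removes only the exact /var/spool line from a mount-point file and keeps a backup. The function names and the /var/spool/example entry are constructed for illustration; on a real server the file is /etc/cagefs/cagefs.mp and cagefsctl --remount-all still has to be run afterwards.

```shell
#!/bin/sh
# Added example: remove one exact entry from a CageFS mount-point list.

# remove_mp_entry FILE ENTRY
#   Deletes lines equal to ENTRY (surrounding whitespace ignored) and keeps
#   FILE.bak as a backup. Returns 0 if removed, 1 if ENTRY was not listed,
#   2 on a usage or I/O error.
remove_mp_entry() {
    _file=$1
    _entry=$2
    [ -n "$_entry" ] && [ -f "$_file" ] || return 2
    _tmp=$(mktemp "${_file}.XXXXXX") || return 2
    # Compare whole lines so /var/spool does not also match /var/spool/example.
    MP_ENTRY=$_entry awk '{
        l = $0
        gsub(/^[ \t]+|[ \t]+$/, "", l)
        if (l != ENVIRON["MP_ENTRY"]) print
    }' "$_file" > "$_tmp" || { rm -f "$_tmp"; return 2; }
    if cmp -s "$_file" "$_tmp"; then
        rm -f "$_tmp"          # nothing matched, leave the file untouched
        return 1
    fi
    # Write in place so the file keeps its owner and mode.
    if cp -p "$_file" "${_file}.bak" && cat "$_tmp" > "$_file"; then
        rm -f "$_tmp"
        return 0
    fi
    rm -f "$_tmp"
    return 2
}

# make_sample FILE: the list from the first post plus one constructed
# sub-path entry (/var/spool/example) to show the exact-match behaviour.
make_sample() {
    printf '%s\n' /var/lib/mysql /var/spool /var/cpanel /dev/pts \
        /usr/local/apache/domlogs /proc /opt /var/spool/example > "$1"
}

# Demo on a temporary copy; nothing under /etc is touched.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/cagefs.mp"
if remove_mp_entry "$demo_dir/cagefs.mp" /var/spool; then
    echo "entry removed; next step on a real server: cagefsctl --remount-all"
    diff "$demo_dir/cagefs.mp.bak" "$demo_dir/cagefs.mp" || true
fi
rm -rf "$demo_dir"
```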


    • #3
      What should a regular cagefs.mp file contain to work normally but be a bit strict?

      Comment


      • #4
        It depends on the server & presence of the LiteSpeed web server.
        You can try executing:
        cagefsctl --create-mp

        And it will create /etc/cagefs/cagefs.mp -- trying to put only the things that are necessary.

        Comment


        • #5
          cagefsctl --create-mp creates this:

          /var/lib/mysql
          /var/spool
          /var/cpanel
          /dev/pts
          /usr/local/apache/domlogs
          /proc
          /var/run/proxyexec/cagefs.sock
          /opt

          so I suppose it needs /var/spool

          Comment
