If the bind.allow list was implemented in each customer's /etc dir, they wouldn't be able to modify it, correct?
I was thinking more along the lines of a global config file that the server admin sets as the allowed IPs
and then their owned IP gets grabbed from their assigned IPs in the control panel, otherwise many allow config files could be a pain for the server admin to maintain.
Would this mean though if there were 200 user accounts and an admin wanted to add additional "public non owned IPs" to the /etc/bind.allow they would have to edit this in every single user account, or are you saying we edit one allow file for all users?
This is actually easier than you think:
# cd /var/securelve
# for userhome in */; do
#   echo NEW_IP >> "${userhome}etc/bind.allow"
# done
Or something like that.
Yet, basically -- it will be up to control panels (or control panel plugins) to expose it to admin. We might add a script like:
# securelve_ip --add_shared NEW_IP
etc...
Yet, the mechanism looks feasible/configurable. The question is -- will virtualized /etc/bind.allow work...
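A more defensive version of the loop sketched above, as an added example that is not part of the original posts or of SecureLVE: it validates the address, skips users that already list it, and does not write through symlinks. The one-IPv4-address-per-line format of bind.allow, the <base>/<user>/etc layout and the function names are assumptions drawn from that sketch.

```shell
# Added example; bind.allow format (one IPv4 per line) and the
# <base>/<user>/etc layout are assumptions taken from the thread's sketch.

# Succeeds only for a dotted quad with every octet in 0..255.
# Body runs in a subshell, so the IFS change does not leak to the caller.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# add_shared_ip BASE IP (hypothetical helper): append IP to every
# BASE/<user>/etc/bind.allow that lacks it; prints the number of files changed.
add_shared_ip() {
    base=$1 ip=$2 added=0
    valid_ipv4 "$ip" || { echo "rejected: $ip" >&2; return 2; }
    for etc in "$base"/*/etc; do
        # Skip non-directories and symlinks: this runs as root over per-user trees.
        [ -d "$etc" ] && [ ! -L "$etc" ] || continue
        file=$etc/bind.allow
        [ ! -L "$file" ] || continue
        # -x whole line, -F literal: 192.0.2.10 must not match 192.0.2.100.
        if [ -f "$file" ] && grep -qxF -- "$ip" "$file"; then continue; fi
        # Repair a missing final newline so the new entry gets its own line.
        if [ -s "$file" ] && [ -n "$(tail -c1 "$file")" ]; then echo >> "$file"; fi
        printf '%s\n' "$ip" >> "$file"
        added=$((added + 1))
    done
    echo "$added"
}

# Constructed demo tree (not a real server): alice is already listed, bob is not.
demo=$(mktemp -d)
mkdir -p "$demo/alice/etc" "$demo/bob/etc"
echo 192.0.2.10 > "$demo/alice/etc/bind.allow"
echo "files updated: $(add_shared_ip "$demo" 192.0.2.10)"
rm -rf "$demo"
```

Running it a second time with the same address changes nothing, so it is safe to re-run after adding new accounts.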
It is ready for non-CP servers, or servers that use ISPManager/InterWorx (rpm based)
Plesk 9.5 -- has custom suexec, that prevents it from working. We are working on resolving that
Plesk 10 (preview) -- works
cPanel -- not yet (requires patches for suexec, suPHP)
DirectAdmin -- not yet (requires patches for suexec, suPHP)
Does that mean it would work for those of us who have the following use cases:
1) DirectAdmin with LiteSpeed enterprise web server (They don't use suPHP, they use something different); also we have PHP compiled with exec dir patch on these systems.
2) DirectAdmin with no web server, only SSH shell accounts
Also, does SecureLVE prevent shell users from seeing other users' processes (ps aux), much like the FreeBSD echo security.bsd.see_other_uids=0 >> /etc/sysctl.conf?
SecureLVE will work already with DirectAdmin with no web server.
It will not work with LiteSpeed -- we are yet to approach LiteSpeed with this new functionality, as we want to make sure it is fully working/in production at multiple hosts before we bother them with it.