SecureLVE Bind to specific IP addresses


  • #16
    k, thank you...

    for DirectAdmin I just dug into where it shows an IP as owned by a specific user:

    /usr/local/directadmin/data/users/username/user.conf

    the setting in that file is:
    ip=72.23.52.42


    • #17
      if the bind.allow list was implemented in each customer's /etc dir, they wouldn't be able to modify it, correct?

      I was thinking more along the lines of a global config file that the server admin sets as the allowed IPs

      and then their owned ip gets grabbed from their assigned IPs in the control panel, otherwise many allow config files could be a pain for the server admin to maintain.


      • #18
        It is owned by root so user will not be able to modify it.
        It is still running as user -- it is not a VPS.


        • #19
          Would this mean though if there were 200 user accounts and an admin wanted to add additional "public non owned IPs" to the /etc/bind.allow they would have to edit this in every single user account or are you saying we edit one allow file for all users?


          • #20
            this is actually easier than you think:
            # cd /var/securelve
            # for userhome in `ls`; do
            # echo NEW_IP >> $userhome/etc/bind.allow
            # done

            Or something like that.
            Yet, basically -- it will be up to control panels (or control panel plugins) to expose it to admin. We might add a script like:
            # securelve_ip --add_shared NEW_IP
            etc...
            Yet, the mechanism looks feasible/configurable. The question is -- will virtualized /etc/bind.allow work...


            • #21
              Nice,

              Also I am sure you have already thought of this but it is important to prevent people from binding to the interface: 0.0.0.0

              --Stephen


              • #22
                or

                :::portnumber

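The check raised in posts #21 and #22, as an added example that is not part of the thread and is not SecureLVE code: a bind request is accepted only for a specific address listed in the user's bind.allow, and the wildcard addresses (0.0.0.0, :: and the IPv4-mapped form) are always refused. The file format (one IP per line, `#` comments) and all function names are assumptions; the sample file contents are constructed.

```python
import ipaddress

# Constructed sample of a per-user bind.allow (assumed format: one IP per line).
SAMPLE_BIND_ALLOW = """\
# owned IP taken from the control panel
72.23.52.42
# shared IPs added by the server admin
192.0.2.10
2001:db8::10
"""


def normalize(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def parse_bind_allow(text):
    """Return the set of addresses in a bind.allow file, skipping blanks and comments."""
    allowed = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            allowed.add(normalize(line))  # raises ValueError on a malformed entry
    return allowed


def bind_permitted(addr, allowed):
    """True only for a specific, listed address; wildcard binds are always refused."""
    try:
        ip = normalize(addr)
    except ValueError:
        return False
    if ip.is_unspecified:  # 0.0.0.0 and :: would listen on every IP of the server
        return False
    return ip in allowed


if __name__ == "__main__":
    allowed = parse_bind_allow(SAMPLE_BIND_ALLOW)
    for candidate in ("72.23.52.42", "0.0.0.0", "::", "::ffff:0.0.0.0", "198.51.100.7"):
        print(candidate, "->", "allow" if bind_permitted(candidate, allowed) else "deny")
```

Normalizing before the comparison matters because a dual-stack socket can reach an IPv4 address through its `::ffff:` mapped form.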


                • #23
                  I was wondering on the status of SecureLVE, we want to move our systems over to CloudLinux but are waiting on SecureLVE to be completed.


                  • #24
                    It is ready for non-CP servers, or servers that use ISPManager/InterWorx (rpm based)
                    Plesk 9.5 -- has custom suexec, that prevents it from working. We are working on resolving that
                    Plesk 10 (preview) -- works
                    cPanel -- not yet (requires patches for suexec, suPHP)
                    DirectAdmin -- not yet (requires patches for suexec, suPHP)


                    • #25
                      Does that mean it would work for those of us who have the following use cases:

                      1) DirectAdmin with LiteSpeed enterprise web server (They don't use suPHP, they use something different) also we have PHP compiled with exec dir patch on these systems.

                      2) DirectAdmin with no web server only SSH shell accounts


                      • #26
                        also does SecureLVE prevent shell users from seeing other users' processes (ps aux) much like the FreeBSD echo security.bsd.see_other_uids=0 >> /etc/sysctl.conf


                        • #27
                          To limit user to see only his processes:


                          • #28
                            SecureLVE will work already with DirectAdmin with no web server.
                            It will not work with LiteSpeed -- we are yet to approach LiteSpeed with this new functionality, as we want to make sure it is fully working/in production at multiple hosts before we bother them with it.


                            • #29
                              Any update on the binding of IPs in SecureLVE?


                              • #30
                                No, haven't had the chance to look at that part yet
