keep up with known vulnerabilities
keep up with known vulnerabilities. Here are some examples of sites that regularly post an updated list of isolated vulnerabilities:
http://www.hardened-php.net/advisories.15.html
http://www.milw0rm.com/
http://www.twitter.com/milw0rm
One of the most common methods an attacker will use is to use a search engine to isolate sites running content management systems with known security holes and using the known exploit to gain access to your system. Keeping a watchful eye on matters such as this is a very important task as system administrator.
Using hardening tools Suhosin in Cpanel Servers for PHP
The Suhosin extension “was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.”
Reference : http://www.hardened-php.net/suhosin/
Perhaps more importantly, the Suhosin community would be an excellent starting point for learning about flaws in PHP, as well as other extensions, configurations, and techniques you can use to protect your server.
Since many popular scripts are not compatible with Suhosin’s restrictions, you need to test it before moving to production.
How to find primary and backup Superblock
dumpe2fs prints the super block and blocks group information for the filesystem present on device.
#dumpe2fs /dev/hda4 | grep -i superblock
dumpe2fs 1.39 (29-May-2006)
Primary superblock at 0, Group descriptors at 1-1
Backup superblock at 32768, Group descriptors at 32769-32769
Backup superblock at 98304, Group descriptors at 98305-98305
Backup superblock at 163840, Group descriptors at 163841-163841
Backup superblock at 229376, Group descriptors at 229377-229377
Backup superblock at 294912, Group descriptors at 294913-294913
Backup superblock at 819200, Group descriptors at 819201-819201
Backup superblock at 884736, Group descriptors at 884737-884737
Backup superblock at 1605632, Group descriptors at 1605633-1605633
Now you can use the command below to repair the file system.
e2fsck - check a Linux ext2/ext3 file system
Apache PHP Request Handling in Cpanel
Cpanel PHP’s main configuration file is located at /usr/local/apache/conf/php.conf
The php.conf file is called by the Apache configuration file (httpd.conf) by means of an include command.
WHM provides an interface that can assist you in configuring PHP. It is located in Service Configuration >> Apache Configuration >> PHP and SuExec Configuration. You are also able to access a command line interface that provides the same options through the following script:
/usr/local/cpanel/bin/rebuild_phpconf
Reference: http://cpanel.net
CA (Certificate Authority) Bundle
A file on your server that verifies that your public and private keys were issued by a trusted entity.
If your Certificate Authority sent you a CA bundle file, you can install it to your server using WHM’s Install a SSL Certificate and Setup the Domain feature, or the Manage Service SSL Certificates feature.
Install a SSL Certificate and Setup the Domain
When you use this feature, WHM will automatically install your SSL certificate and private key in the correct directories. You may either paste the certificate and key into the fields on the screen yourself, or allow WHM to retrieve them.
It is very important that your SSL certificate and private key reside in the correct directories because if they do not, your server will remain unauthenticated, leaving your visitors at risk.