Archive for the tag 'Execution'

Implement Periodic Execution of Integrity Checking

By default, AIDE does not install itself for periodic execution.

Implement checking with whatever frequency is required by your security policy.
A once-daily check may be suitable for many environments. For example, to
implement a daily execution of AIDE at 4:05am, add the following line to /etc/crontab:

05 4 * * * root /usr/sbin/aide –check

AIDE output may be an indication of an attack against your system, or it may
be the result of something innocuous such as an administrator’s configuration
change or a software update.

Implementation and Execution of an installation script.

Script below is applicable in cases when Parallels Installer is previously uploaded to the target server and the execution bit is set in its permissions.

for current_server in $SERVERS_LIST; do
scp parallels_installer root@$current_server:
ssh -f root@$current_server “parallels_installer –source –target /tmp/panel –select-release-id PLESK_10_0_0 –install-component base –install-component postgresql –install-component asp –notify-email”

To avoid being prompted for password each time you connect via SSH to the servers where the Panel should be installed, place your public key to the list of authorized keys of a user on whose behalf the script is run on each server.


ProFTPD Remote Code Execution Vulnerability and Exploit

A flaw in the popular ProFTPD FTP server potentially allows unauthenticated attackers to compromise a server. The problem is caused by a buffer overflow in the pr_netio_telnet_gets() function for evaluating TELNET IAC sequences.

ProFTPD bug report:

Fixes for the vulnerabilty and exploit.

Parallels has used its micro-update patch functionality in Plesk 9.5x, Plesk 10, and Small Business Panel 10.2 to fix this exploit. You can run the Parallels AutoInstaller to fix this or check the Updates section of your Plesk Panel 9.5x, Plesk 10, or Small Business Panel 10.2 to fix this. This is a file-replace, as opposed to a new install so it will be quick and reliable. To find this in the GUI:

Parallels Plesk Panel 10.x: “Server Management” -> “Tools & Utilities” -> “Updates” -> “Update Components” -> click “Continue”

Disable Script Execution Using .htaccess

You can disable scripts being run in the directory of your choice by adding the following code to your .htaccess file in that directory

This would be particularly useful if you allow visitors to upload files to your server, but want to be sure that any potentially harmful files they upload are not allowed to execute.

AddHandler cgi-script .php .pl .jsp .asp .sh .cgi
Options -ExecCGI

You can replace the file types in the example with the file types you wish to disallow using .htaccess.