Security | M d3velopment

Mount the /tmp partition with ‘noexec’ and ‘nosuid’ options

On Linux servers (especially web servers) it is recommended to create /tmp as separate partition and mount it with ‘noexec’ and ‘nosuid’ options. ‘noexec’ disables the executable file attribute within an entire filesystem, effectively preventing any files within that filesystem from being executed. ‘nosuid’ disables the SUID file-attribute within an entire filesystem. This prevents SUID attacks on the /tmp filesystem.

WARNING: Various services such as MySQL, Postgres, Plesk and Zend use /tmp as temporary storage. You must STOP these services before carrying out the procedure below. Failing to disable these services may cause major InnoDB database corruption.

1. Stop all services including Plesk, MySQL, Apache, Postgres, SpamAssassin and any other service utilizing the /tmp file system.

2. Copy all of the files in /tmp to a holding directory:

# cp -Rp /tmp /tmp-backup


Continue Reading

Christopher June 16, 2010

Mobile Security

Blacksn0w RC2 Released To Unlock iOS 4

Steve, the guy who was behind PushFix 2.0 (the first real fix for Push Notifications) for unlocked iPhones and Blacksn0w RC2 fix for iPhone 3.1.3…

Christopher June 15, 2010

Security

Facebook Privacy: A How-To Guide

Facebook CEO Mark Zuckerberg announced new privacy features for the site on Wednesday following a firestorm of criticism. In April Facebook angered users when it…

Christopher June 1, 2010

Security Windows

Bruter 1.0 – Parallel Brute Force Tool

Bruter is a parallel brute force network login cracker. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter…

Christopher May 26, 2010

Linux Security

How to change the default Plesk Control Panel port

By default Plesk uses TCP port 8443 to allow access to the control panel, for example: http://server1.domain.net:8443. For security reasons, its recommended to change the default port to a non-standard port number such as 6677.

Parallels Plesk Panel versions 7.x – 8.x use the Apache service with configuration file $PRODUCT_ROOT_D/admin/conf/httpsd.conf. To change the control panel port you need to modify directives Port, Listen and <VirtualHost *:PORT> in the Apache configuration file for the control panel. Once edited you must restart the Plesk control panel:

~# /etc/init.d/psa restart Stopping Plesk... done Starting Plesk... done ~#

Please note that none of the ports (21, 22, 23, 25, 53, 80, 110, 443, etc…) used for the standard web hosting services (Apache, POP, SMTP, mySQL, ProFTPd, BIND) can be used.

Parallels Plesk Panel version 9.x uses sw-cp-server instead of Apache. Configuration file of Parallels Plesk Panel is /etc/sw-cp-server/applications.d/plesk.conf. Find the following line in the file and change the port:

Christopher May 23, 2010