Hiding binaries on cpanel server

Portal Home > Knowledgebase > Articles Database > Hiding binaries on cpanel server

Posted by winlinuxadmins, 06-03-2013, 11:41 PM
Hello, If you having cagefs enabled for your Cpanel server you can hide the binary from user which might be harmful to server and cause of exploit, by adding binary name into "black.list" file. After adding the file to blacklist make sure you update the cage filesystem with cagefsctl --update option. << snipped >>
Posted by whmcsguru, 06-04-2013, 04:50 AM
This is pretty useless. Cagefs already limits pretty much everything under the sun anyways.
Posted by winlinuxadmins, 06-04-2013, 05:04 AM
Hi, This might be useless for you, but i hope it will help others. If you take the security, applying cagefs is not 100% full proof solution and you still need custom changes.
Posted by Steven, 06-04-2013, 10:34 AM
It actually is pretty worthless. Especially with restricting uname. There's several other ways to get that same data.
Posted by winlinuxadmins, 06-04-2013, 10:59 PM
you take my point. Its never secure 100% even if you have cagefs.. but again as i said its good to have custom setting to prevent it. Regarding "uname" yes, there are several ways to get details... the above black.list was provided to show example. to understand the use of it.