CloudLinux - PHP Selector and restricting PHP functions

Dell keeps their Linux servers on and secure with KernelCare - all the latest security patches are promptly applied to running kernels

We are often asked how to prevent particular php function from being used by all clients. This is especially true about functions like exec, passthru, etc... This is something that can be easily done with php-selector. Your customers are only allowed to modify directives listed in /etc/cl.selector/php.conf file. For example if you want to block system command like 'exec' for php53 you have to add 'disable_functions=exec' in /opt/alt/php53/etc/php.ini file. As long as this directive is absent in /etc/cl.selector/php.conf file, users will not be able to use 'exec' in their scripts.

Do you want a quick check of what directives your users may customize? Execute the following command as root on your server:
# grep Directive /etc/cl.selector/php.conf

Yet, trying to secure your hosting with php.ini is wrong approach. It might work for php processes, but it will not work for CGI scripts. The secure environment is already established by CageFS which limits what processes can see or do to only safe actions.

Put an end to reboots forever with a single command

frank doud

"Quickest turnaround for security patches I have ever seen. Outstanding product and service. Plug and Play. This product is #1 at protecting your server’s kernel."

Frank Doud
Owner of G.C. Solutions

1,500+ companies are running their servers securely without reboots

Trusted by Companies Like Yours