1. Forums
  2. CloudLinux and Control Panels
  3. CloudLinux and cPanel
  1. Christos Panagiotakis
  2. 27.04.2012
  3.  Subscribe via email
With the default cagefs.mp
having:
/var/lib/mysql
/var/spool
/var/cpanel
/dev/pts
/usr/local/apache/domlogs
/proc
/opt


in /var/spool/mail as a caged user I can see all usernames of all other accounts.
It\'s not a big deal but still remains a threat, someone can harvest all usernames
and start guessing / brute forcing passwords, or guess the domain names from them
(cpanel creates username based on domain) and start digging it more...

Can I somehow block access to it ?
Rate this post:
  1. 07.05.2012 09:05:47
  2. # 1
Anton Volkov Accepted Answer
Posts: 47
Joined: 03.04.2012
0
Votes
Undo
Hello!

Please, remove line
/var/spool
from /etc/cagefs/cagefs.mp file
and then execute
cagefsctl --remount-all
  1. 08.05.2012 12:05:13
  2. # 2
Posts: 19
Joined: 21.04.2011
0
Votes
Undo
What should a regular cagefs.mp file contain to work normally but a bit strict ?
  1. 08.05.2012 12:05:42
  2. # 3
Igor Seletskiy Accepted Answer
Posts: 1201
Joined: 09.02.2010
0
Votes
Undo
It depends on the server & presence of litespeed webserver.
You can try executing:
cagefsctl --create-mp

And it will create /etc/cagefs/cagefs.mp -- trying to put only the things that are necessary.
  1. 08.05.2012 12:05:02
  2. # 4
Posts: 19
Joined: 21.04.2011
0
Votes
Undo
cagefsctl --create-mp creates this

/var/lib/mysql
/var/spool
/var/cpanel
/dev/pts
/usr/local/apache/domlogs
/proc
/var/run/proxyexec/cagefs.sock
/opt

so I suppose it needs /var/spool :)
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.