Securing /tmp & other Linux Webhost “tightening” measures

As outlined in a post in our Forums, we’ve recently described how to give your Linux system a separate /tmp filesystem, mounted so that it won’t allow executables to run and with other options that keep ‘nefarious’ content out of /tmp.

In this post we outline some other simple things that can be done to stop “unwanted usage” of your web hosting Linux server.

What does “unwanted usage” mean? Basically, anything that isn’t what you want your web server to do. In many cases there are code vulnerabilities in common web hosting software, such as PHP and others, which can be exploited, meaning that crackers can try to find ways to make your web server do things you hadn’t intended (eg: running IRC servers, hosting other content & more).

Often PHP & other backend software exploits are used to get your web host to download other software, install it & then run it. There are many conventional Linux commands which can be used for this initial download, including wget, lynx, ftp (as a client) & more. But usually these commands are still needed for the regular operation of the server, so rather than removing them, one solution is to stop the process running your web server (eg: the apache or www user on your web server) from accessing them. A simple way to do this is to remove the ‘other’ permission from the executables of these commands, like:
chmod o= /usr/bin/wget
Then do the same for the ‘ftp’, ‘lynx’ & other Internet client commands.

Of course, completely removing unnecessary software from your web server host is also a good thing to do, & you can do that through your favourite package management system (eg: yum, apt, etc). eg: “yum remove wget” in the case of the wget utility.
If you’re not sure which package installed the relevant executable program and you’re using Yum, then “yum whatprovides '*/wget'” will reveal the name of the package that installed the wget program on your Linux system.

Another idea is to stop unnecessary scripting languages from being accessible to the web server processes & user, so, as above, remove the executable flag for the web server (or ‘other’) user from files such as the Python & Ruby executables (if they’re installed).
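As an added example (not from the original post), here is a small POSIX sh script that audits which of the Internet-client and interpreter binaries named above are still executable by ‘other’ and applies the post’s “chmod o=” to them. The paths in TIGHTEN_LIST are assumptions for a typical install; confirm them with the package manager first.

```shell
#!/bin/sh
# Added example: audit and tighten the 'other' permission bits so the web
# server's unprivileged user cannot run download tools or interpreters.
# The paths below are assumptions; adjust for your distribution. Files that
# are not present are skipped.
TIGHTEN_LIST="/usr/bin/wget /usr/bin/lynx /usr/bin/ftp /usr/bin/python /usr/bin/ruby"

# Return 0 if FILE exists and 'other' may execute it, 1 otherwise.
other_can_exec() {
    [ -f "$1" ] || return 1
    # The 10th character of the ls mode string is the 'other' execute bit:
    # 'x', or 't' when the sticky bit is also set. Works with any POSIX ls.
    mode=$(ls -ld "$1" | cut -c1-10)
    case "${mode#?????????}" in
        x|t) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print each of the given files that 'other' can still execute.
audit_other_exec() {
    for f in "$@"; do
        other_can_exec "$f" && echo "$f"
    done
    return 0
}

# Apply "chmod o=" (no read, write or execute for 'other') to every given
# file that still needs it, reporting each change.
tighten_other() {
    for f in "$@"; do
        if other_can_exec "$f"; then
            chmod o= "$f" && echo "tightened: $f"
        fi
    done
    return 0
}

# Stand-alone run: report what would be tightened on this host.
audit_other_exec $TIGHTEN_LIST
```

Run tighten_other with the same list once the audit output looks right; re-running the audit afterwards should print nothing.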

Finally, as also mentioned in our Forums, wherever possible we recommend that customers keep their systems up to date with the latest available software versions & releases. On Redhat based Linux this can be done with the Yum command “yum upgrade”, and on Debian/GNU Linux versions, if you’re using APT, with the command “apt-get upgrade”.
Naturally, if these upgrades install a new kernel version, you will probably need to update your boot loader’s config to point at that new kernel release’s file, eg: /boot/grub/grub.conf (Redhat based) or /boot/grub/menu.lst (Debian GNU/Linux based).

Don’t forget that we’re available to assist Network Presence customers with any of these issues & actions, so please feel free to contact us.
