Security Breach in SSHWIN32
While using win32ssh (ssh) to access colocated servers from existing server shell accounts, users can open all server and root files for viewing and can also copy/download any file by using SSH secure file transfer in sshwin32. While logged in and seeing the folders in your user shell account, you click View (at the top of the ssh32 program), then click "show root files" or "hidden files", and the server's directories are listed. If you click on a directory, it opens to its files; if you pick a file and then right-click on it, you can download it.
You can't write to these folders or files, but you can steal them and view the directories >(STEAL)<. My question is as follows: how do I prevent shell users from seeing and copying files in root or server files? I did a test and was able to download http.conf and /etc. What do I need to do to block viewing and/or copying server files outside of a shell? Thanks, digihlp@hotmail.com
Soz, this post slipped by for a while...
Since it's a colo server, making sure root can't ssh in and changing dir/file permissions are about the only things you could do w/o some risk of breaking things. The /etc dir should be world readable/executable, but most files need only rw for the root user and group. For example, for Apache have a look at Security Tips for Server Configuration. After binding to port 80 as root, it will drop to the User and Group defined in httpd.conf; there's no need for the /etc/httpd dir to be world readable/executable. HTH somehow.
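
A read-only audit of the two things the reply above suggests checking, added here as an example and not part of either post: which entries under a config directory grant any access to "other" users, and whether root login over ssh is switched off. The function names and the sample tree are hypothetical and constructed; it assumes the plain whitespace-separated `PermitRootLogin` form and ignores `Match` blocks.

```shell
#!/bin/sh
# Added example (not from the thread): audit only, changes nothing on the system.

# Print every entry under directory $1 that grants read, write or
# execute/search permission to "other" users.
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Succeed only if the first active PermitRootLogin line in file $1 is "no".
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive; commented-out lines never match because $1 starts with "#".
root_login_disabled() {
    awk 'tolower($1) == "permitrootlogin" { v = tolower($2); exit }
         END { exit (v == "no" ? 0 : 1) }' "$1"
}

# Constructed sample: a stand-in for /etc/httpd and an sshd_config,
# built in a temporary directory so the script runs anywhere.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/httpd"
    : > "$d/httpd/httpd.conf"
    : > "$d/httpd/ssl.key"
    chmod 750 "$d/httpd"            # directory closed to "other"
    chmod 640 "$d/httpd/httpd.conf" # closed to "other"
    chmod 644 "$d/httpd/ssl.key"    # still world readable: gets reported
    printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$d/sshd_config"

    echo "entries open to other users:"
    world_accessible "$d/httpd"
    if root_login_disabled "$d/sshd_config"; then
        echo "root login over ssh: disabled"
    else
        echo "root login over ssh: NOT disabled"
    fi
    rm -rf "$d"
}
demo
```

On a real host the same functions would be pointed at the actual config directory and sshd_config, run as a user allowed to read them.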