Virtual hosting and security holes. Brief overview.
About distros.
1. Use a standard, stable distro such as RHEL, SUSE, CentOS or Debian. Do not use testing, unstable or rare distros such as Fedora, Ubuntu, openSUSE, etc.
2. Update the distro regularly to keep it current and to fix security holes.
About applications.
1. Use the distro's standard packages to provide services. Do not use self-made packages or packages compiled from source, because they cause problems with updates.
About control panels and daemons.
1. Do not place the control panel's code in the same directory tree as customers' sites.
2. Do not run the control panel's code under the same web server that serves all the sites. Use a separate web server (lighttpd, for example) to run the administrative part of the control panel. Restrict access to the control panel's administrative code to trusted hosts with iptables, pf or ipfw.
3. Some control panels must be launched as user 'root'. Set owner 'root' and mode 0600 on the files that hold database access data and the like. Do the same for other control panels that must be launched as some other user.
4. Do not store control panel data on the same database servers that customers use. Use a separate database server on a separate machine.
5. Use distinct database users (roles) for the applications that read control data (mail servers, FTP daemons and others). Grant those users minimal rights (only 'select'). Prevent those users from viewing passwords in plain text; use views and md5 where possible. Set correct access on config files (owner and mode; for example, chown postfix:postfix main.cf and chmod 0600 main.cf for postfix's config file).
6. Avoid running daemons and programs as user 'root' wherever possible.
About customers' file system restrictions.
1. Keep the owner of files and folders as the customer's uid:gid. Change the gid only on the webroot folder. Do not allow files with the setuid bit.
2. Clear group and others' permissions wherever possible. Clear write permissions wherever possible.
3. Keep 'read' and 'execute/search' permissions for httpd's group only on web folders and files. Clear them on files that contain logins/passwords (for the database, for example) if that does not cause errors. Set 'write' permission for the group only on folders that really need it.
4. Use quotas wherever possible.
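As an added example (not from the original article), a POSIX shell audit of the permission rules above, with the matching fixes. It assumes the customer's tree root is passed as the first argument and that credential files match '*config*' or '*.conf'; the demo tree it builds is constructed for illustration.

```shell
# Added example: audit a customer's tree for the permission rules above and apply
# the fixes. Assumes tree root in $1 and credential files named *config* / *.conf.
# Print one "RULE path" line per violation found under $1.
audit_tree() {
    dir=$1
    # Rule 1: no setuid/setgid files anywhere in the customer tree.
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) | while IFS= read -r p; do
        printf 'SETUID %s\n' "$p"
    done
    # Rule 2: nothing writable by others; regular files not writable by group
    # (a directory may keep group write only where an upload folder needs it).
    find "$dir" -perm -002 | while IFS= read -r p; do
        printf 'OTHER_WRITE %s\n' "$p"
    done
    find "$dir" -type f -perm -020 | while IFS= read -r p; do
        printf 'GROUP_WRITE_FILE %s\n' "$p"
    done
    # Rule 3: files holding logins/passwords must not be readable by group/others.
    find "$dir" -type f \( -name '*config*' -o -name '*.conf' \) \
        \( -perm -040 -o -perm -004 \) | while IFS= read -r p; do
        printf 'SECRET_EXPOSED %s\n' "$p"
    done
}

# Number of violations under $1 (tr strips the padding BSD wc adds).
count_findings() {
    audit_tree "$1" | wc -l | tr -d ' '
}

# Apply the fixes the rules call for under $1.
harden_tree() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec chmod u-s,g-s {} +
    find "$1" -perm -002 -exec chmod o-w {} +
    find "$1" -type f -perm -020 -exec chmod g-w {} +
    find "$1" -type f \( -name '*config*' -o -name '*.conf' \) -exec chmod go-rw {} +
}

# Build a constructed customer tree with deliberate mistakes; prints its path.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/public_html/cgi-bin" "$d/tmp"
    : > "$d/public_html/index.html";  chmod 0640 "$d/public_html/index.html"  # fine
    : > "$d/public_html/config.php";  chmod 0640 "$d/public_html/config.php"  # group-readable secret
    : > "$d/public_html/cgi-bin/run"; chmod 4755 "$d/public_html/cgi-bin/run" # setuid CGI
    : > "$d/notes.txt";               chmod 0664 "$d/notes.txt"               # group-writable file
    chmod 0777 "$d/tmp"                                                       # world-writable dir
    printf '%s\n' "$d"
}
```

Run `audit_tree /home/customer` as a pre-hardening report, and `harden_tree` only after reviewing which folders legitimately need group write.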
About customers' cron jobs.
1. Do not run customers' cron jobs with privileges other than the customer's uid. chroot into the customer's folder before execution. Do not run jobs too frequently.
2. Provide customers a way to launch their cron jobs via a wget call.
About FTP access.
1. Use vsftpd wherever possible. You lose bandwidth control, but gain security.
2. Use FTPS instead of FTP to prevent theft of logins and passwords.
3. Disable ASCII mode in the FTP server.
4. Disable the chown function in the FTP server's config. Use 'umask' instead.
About SSH access.
1. Disable root login on the server. Bind the SSH server to a non-privileged port. Control access via the 'sudo' mechanism.
2. Give customers SSH access only in a chrooted environment.
About the HTTP server.
1. Run the HTTP server as a non-privileged user. Use the HTTP server's chroot ability everywhere.
2. Use modules like suEXEC to execute scripts (CGI, that is) under the owner's uid.
3. Disable userdir indexes.
About PHP.
1. Enable safe_mode (safe_mode = On, safe_mode_gid = Off).
2. Set open_basedir = '.'
3. Set safe_mode_exec_dir = '.'
4. Disable some functions, at least chdir (disable_functions = system,chdir).
Look at virtualization technology.
Virtualization technology like Virtuozzo/OpenVZ can provide a tool to completely separate the control application/control code from the 'dirty zone' (the virtual hosting environment).
Of course, this is a short article and does not claim absolute correctness or completeness.
Best regards, Stanislav Korsakov

