sentora security enhancement
#1
sentora security enhancement
Hi all:


I developed a script that can help to improve Sentora panel security, called sentora-paranoid (yes, I am security-paranoid because I had a very bad experience with previous ZPanel versions in the past).

Please do not ask or blame the Sentora team for it, because it is an unofficial Sentora project script.

This script is at a very early development stage, but I am sharing it because I think it may be useful for some people with security concerns, and maybe someone can help me to improve it.

You can find it at: sentora-paranoid.open-source.tk
#2
RE: sentora security enhancement
I can help you with fine-tuning this. I don't think that disabling PHP functions would work, as the panel will need to execute zsudo... It will break the panel daemon for sure.

I see fail2ban & good tools... It could also be tuned for CentOS instead of focusing only on Ubuntu.

Also, adding ClamAV/SpamAssassin to Postfix will require a lot more RAM... It should be optional, or check RAM first. If you plan mainly to use the server for hosting, it won't really help.

Forget about suPHP, as we plan to add suExec in the next release; that would be more fun.

Webalizer is a mess...

ModSecurity: if you enable all rules it will break Sentora and CMS, so rules need to be tested with great care.

M B
#3
RE: sentora security enhancement
(01-23-2015, 05:36 AM)Me.B Wrote: I can help you with fine-tuning this. I don't think that disabling PHP functions would work, as the panel will need to execute zsudo... It will break the panel daemon for sure.

I see fail2ban & good tools... It could also be tuned for CentOS instead of focusing only on Ubuntu.

Also, adding ClamAV/SpamAssassin to Postfix will require a lot more RAM... It should be optional, or check RAM first. If you plan mainly to use the server for hosting, it won't really help.

Forget about suPHP, as we plan to add suExec in the next release; that would be more fun.

Webalizer is a mess...

ModSecurity: if you enable all rules it will break Sentora and CMS, so rules need to be tested with great care.

M B

Thank you for your comments, I will appreciate any help on this because security is not an easy task.

About:
- zsudo, you were right: the PHP system() function must be enabled in command-line CLI mode and the daemon runs perfectly
- CentOS, yes, Ubuntu is not the one and only but it is the one I know; I hope somebody can help with this
- ClamAV/SpamAssassin, my tests indicate that the high resource consumption is at the first time; I will check in production and review the load average regularly... mmm, your RAM checking sounds good, so maybe these packages can be optional, and I consider it because one of my clients has a public webmail service, but again, you are right, it is not required for everyone
- suPHP, forget about it, I will take a look at Apache suExec support
- ModSecurity, good to know.

Thanks for the tips
#4
RE: sentora security enhancement
suExec will likely be merged into Sentora support in 1.1 (this is my understanding of the next priorities).

Also, suExec will require a user setup that is a bit complicated to maintain for a mod & different from suPHP.

I can help with CentOS & testing too, as it's my main platform.

M B
#5
RE: sentora security enhancement
(01-24-2015, 05:34 AM)Me.B Wrote: suExec will likely be merged into Sentora support in 1.1 (this is my understanding of the next priorities).

Also, suExec will require a user setup that is a bit complicated to maintain for a mod & different from suPHP.

I can help with CentOS & testing too, as it's my main platform.

M B

OK, I will read more about suExec and put it on standby, to see what the Sentora team is doing and what can be easily incorporated without duplicating efforts.

Feel free to change the script, so it can be useful to you and others.

Thank you
#6
RE: sentora security enhancement
(01-24-2015, 05:34 AM)Me.B Wrote: suExec will likely be merged into Sentora support in 1.1 (this is my understanding of the next priorities).

Also, suExec will require a user setup that is a bit complicated to maintain for a mod & different from suPHP.

I can help with CentOS & testing too, as it's my main platform.

M B

I know this post is quite old, but I actually wanna know. It's Sentora 1.0.3 running. So have all the security issues been fixed yet?