Security Tweaks Main >> Security >> Tweak Security

SSH Password Auth Tweak Disabling Password Auth for SSH will virtually eliminate the ability to brute force access to the server via SSH. This can make all the difference when it comes to the security of the server. While it will increase security, it will cause an inconvenience as users as well as yourself will have to use public/private key authentication to login via ssh. Configure Php open_basedir Tweak Php's open_basedir protection prevents users from opening files outside of their home directory with php. Configure mod_userdir Tweak Apache's mod_userdir allows users to view their sites by entering a tilde(~) and their username as the uri on a specific host. For example http://test.cpanel.net/~fred will bring up the user fred's domain. The disadvantage of this feature is that any bandwidth usage used by this site will be put on the domain it is accessed under (in this case test.cpanel.net). mod_userdir protection prevents this from happening. You may however want to disable it on specific virtual hosts (generally shared ssl hosts.) Configure Compilers Tweak This tweak will disable the system's c and c++ compilers for unprivileged. Many canned exploits require a working c on the system. You can also choose to allow some users to use the compilers while they remain disabled by default. Configure Traceroute Tweak This tweak will disable the system's traceroute utility. Configure SMTP Tweak This SMTP tweak will prevent users from bypassing the mail server to send mail (This is a common practice used by spammers). It will only allow the MTA (mail transport agent), mailman, and root to connect to remote SMTP servers. Configure