Cacti/Hacking prevention
From Gentoo Linux Wiki
Hacking prevention
Note: Cacti 0.8.6j and later are not vulnerable to this attack, so the following procedure is no longer necessary.
Older versions of Cacti (cacti-0.8.6i-r1) are vulnerable through the cmd.php file: an attacker can use this script to execute shell commands on the host running Cacti. To protect your server against this kind of attack, make the following two changes to your Apache configuration.
Permit .htaccess override in cacti directory
In the default configuration, a .htaccess file cannot deny access to cmd.php, because AllowOverride is set to None for the document root. Edit /etc/apache2/vhosts.d/00_default_vhost.conf and change this:
<Directory "/var/www/localhost/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
to this:
<Directory "/var/www/localhost/htdocs">
Options Indexes FollowSymLinks
AllowOverride Limit
Order allow,deny
Allow from all
</Directory>
Then reload Apache:
/etc/init.d/apache2 reload
Deny access to cmd.php
Next, create a .htaccess file in the cacti directory:
nano -w /var/www/localhost/htdocs/cacti/.htaccess
And paste this into it:
<FILES cmd.php>
Deny from all
</FILES>
When you browse to http://localhost/cacti/cmd.php, you should now get an Access denied error message. Attackers can no longer use this file.
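The two changes above depend on each other: with AllowOverride None, Apache ignores the .htaccess file, so the Deny rule has no effect. The following script is an added example, not part of the original wiki page, that checks both files offline; the function names are assumptions and the sample files are constructed copies of the snippets above.

```shell
# Added example, not from the wiki page; function names are assumptions.
# Print the AllowOverride value set inside <Directory "$2"> in config file $1.
allow_override_for() {
    awk -v dir="$2" '
        tolower($1) == "<directory" { d = $2; gsub(/[">]/, "", d); inside = (d == dir); next }
        tolower($1) == "</directory>" { inside = 0; next }
        inside && tolower($1) == "allowoverride" { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Succeed if that value includes Limit or All. A missing directive fails: its default varies by version.
override_permits_deny() {
    for word in $(allow_override_for "$1" "$2" | tr 'A-Z' 'a-z'); do
        case "$word" in limit|all) return 0 ;; esac
    done
    return 1
}

# Succeed if file $1 has a <Files $2> block containing "Deny from all".
htaccess_denies() {
    awk -v f="$2" '
        tolower($1) == "<files" { n = $2; gsub(/[">]/, "", n); inside = (n == f); next }
        tolower($1) == "</files>" { inside = 0; next }
        inside && NF == 3 && tolower($1 " " $2 " " $3) == "deny from all" { found = 1 }
        END { exit !found }
    ' "$1"
}

# Usage: audit_cmd_php VHOST_CONF DOCROOT HTACCESS
audit_cmd_php() {
    override_permits_deny "$1" "$2" ||
        { echo "FAIL: AllowOverride for $2 does not include Limit"; return 1; }
    htaccess_denies "$3" cmd.php ||
        { echo "FAIL: $3 has no <Files cmd.php> block with Deny from all"; return 1; }
    echo "OK: $3 denies cmd.php and AllowOverride permits it"
}

# Constructed sample: the page's two files, written to directory $1 with AllowOverride $2.
make_sample() {
    printf '%s\n' '<Directory "/var/www/localhost/htdocs">' 'Options Indexes FollowSymLinks' \
        "AllowOverride $2" 'Order allow,deny' 'Allow from all' '</Directory>' > "$1/vhost.conf"
    printf '%s\n' '<FILES cmd.php>' 'Deny from all' '</FILES>' > "$1/.htaccess"
}

# Demo on constructed files: the same .htaccess fails with None and passes with Limit.
demo_dir=$(mktemp -d)
for value in None Limit; do
    make_sample "$demo_dir" "$value"
    audit_cmd_php "$demo_dir/vhost.conf" /var/www/localhost/htdocs "$demo_dir/.htaccess" || true
done; rm -rf "$demo_dir"
```

To audit a real host, call audit_cmd_php with /etc/apache2/vhosts.d/00_default_vhost.conf, /var/www/localhost/htdocs and /var/www/localhost/htdocs/cacti/.htaccess as its three arguments.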
More
- Cacti
- Cacti/Installation
- Cacti/SNMP host setup
- Cacti/Squid Setup
- Cacti/Hacking prevention
- http://cacti.net
