----------------------------------------
This article is provided free by
Stealth IT Solutions Limited
It is free for non-distribution only.
Due to the nature of this data it may
not be edited, no data may be removed
including this text.
With thanks to admin0
myshashi2010@yahoo.com
No responsibility is accepted or implied
Proceed at your own risk
------http://www.stealthhosts.com-------
Disabling Compilers
When the compiler is disabled, the hacker is not able to compile and make the exploit. This step will prevent "The ability to compile the file in the system". Most of the hacking guides that is found in the net suggest of compiling the exploit in the system, and seldom a pre-compiled binary is distributed. Thus, either via shell access or daemon exploit or via cgi/php abuse, they will try to get hold of your compiler and compile the exploit. Normally, your users do not need access to the compiler, so it is safe to restrict/disable compilers
--------------------------------------------------------------------------------
redhat & fedora
For installations via rpm, and for up2date to work, you do not need the compilers to be available.
To disable compilers for users, login as root in the system and give the following command:
if exists,
That will disable compiler access for all users.
Before upgrading apache or php; or if you need to install a programme, enter the following command to enable compiler access for the root user.
On CPanel systems, You need access to the compiler when upgrading apache or installing vps/jsp, apache etc.
after upgrading apache via /scripts/easyapache, disable the compiler again.
It indeed is a matter of preference of individual admins regarding the chmod 700 or chmod 000 of the compilers. It s your system, your decision. The recommended is however to chmod 000.
--------------------------------------------------------------------------------
debian & freebsd
It indeed is a matter of preference of individual admins regarding the chmod 700 or chmod 000 of the compilers. It is your system, your decision. The recommended is however to chmod 000.
This article is provided free by
Stealth IT Solutions Limited
It is free for non-distribution only.
Due to the nature of this data it may
not be edited, no data may be removed
including this text.
With thanks to admin0
myshashi2010@yahoo.com
No responsibility is accepted or implied
Proceed at your own risk
------http://www.stealthhosts.com-------
Disabling Compilers
When the compiler is disabled, the hacker is not able to compile and make the exploit. This step will prevent "The ability to compile the file in the system". Most of the hacking guides that is found in the net suggest of compiling the exploit in the system, and seldom a pre-compiled binary is distributed. Thus, either via shell access or daemon exploit or via cgi/php abuse, they will try to get hold of your compiler and compile the exploit. Normally, your users do not need access to the compiler, so it is safe to restrict/disable compilers
--------------------------------------------------------------------------------
redhat & fedora
For installations via rpm, and for up2date to work, you do not need the compilers to be available.
To disable compilers for users, login as root in the system and give the following command:
Code:
cd /usr/bin/
chmod 000 perlcc byacc yacc bcc kgcc cc gcc i386*cc
chmod 000 *c++ *g++
chmod 000 /usr/lib/bcc /usr/lib/bcc/bcc-cc1if exists,
Code:
chmod 000 /usr/i386-glibc21-linux/lib/gcc-lib/i386-redhat-linux/2.96/cc1That will disable compiler access for all users.
Before upgrading apache or php; or if you need to install a programme, enter the following command to enable compiler access for the root user.
Code:
chmod 700 /usr/bin/cc
chmod 700 /usr/bin/gccOn CPanel systems, You need access to the compiler when upgrading apache or installing vps/jsp, apache etc.
after upgrading apache via /scripts/easyapache, disable the compiler again.
Code:
chmod 000 /usr/bin/cc
chmod 000 /usr/bin/gccIt indeed is a matter of preference of individual admins regarding the chmod 700 or chmod 000 of the compilers. It s your system, your decision. The recommended is however to chmod 000.
--------------------------------------------------------------------------------
debian & freebsd
Code:
chmod 000 /usr/bin/cc
chmod 000 /usr/bin/gcc
chmod 000 /usr/bin/c++It indeed is a matter of preference of individual admins regarding the chmod 700 or chmod 000 of the compilers. It is your system, your decision. The recommended is however to chmod 000.
