Biblioteca de cunoștințe

How to Disable GET, wget, and curl  Tipărire

A great way to add more security to your web server is to disable GET, wget, and Curl which will stop web, and shell users from being able to download files to the server.  You can set up a group called get-users so that only users that are a member of this group will be able to to download files to the server.

First we will need to add the get-users group.

<code>
[root@dev ~]# /usr/sbin/groupadd get-users
</code>

Verify that the group as been added

<code>
[root@dev ~]# grep get-users /etc/group
</code>

get-users:x:10014:

Output should look something like this (Note: the numbers do not need to match what I have here)

Now we are going to check the permissions of the binaries.

<code>
[root@dev ~]# cd /usr/bin
[root@dev /usr/bin]# declare -a CHKPERM
[root@dev /usr/bin]# declare -rx CHKPERM=( "curl" "GET" "lwp-download" "lwp-mirror" "lwp-request" "lwp-rget" "lynx" "wget" )
[root@dev /usr/bin]# for A in ${CHKPERM[*]}; do ls -l ./${A};done
</code>

-rwxr-x---  1 root get-users 79048 May  2  2007 ./curl
-rwxr-x---  1 root cpanel-horde 14264 Feb 21  2005 ./GET
-rwxr-x---  1 root cpanel-horde 8080 Jul 11 12:03 ./lwp-download
-rwxr-x---  1 root cpanel-horde 2389 Apr  9 04:16 ./lwp-mirror
-rwxr-x---  1 root cpanel-horde 14821 Apr  9 04:16 ./lwp-request
-rwxr-x---  1 root cpanel-horde 15075 Apr  9 04:16 ./lwp-rget
-rwxr-x---  1 root cpanel-horde 1180484 Nov 11  2005 ./lynx
-rwxr-x---  1 root cpanel-horde 206096 Nov  2  2005 ./wget

The output should look something like this.

These are the current permissions witch allows all users to use these applications.

Now we are going to change the permissions to our new group that we created name get-users.

<code>
[root@dev /usr/bin]# for A in ${CHKPERM[*]}; do chown root.get-users ./${A}; chmod 750 ./${A}; ls -l ./${A};done
</code>

-rwxr-x---  1 root get-users 79048 May  2  2007 ./curl
-rwxr-x---  1 root get-users 14264 Feb 21  2005 ./GET
-rwxr-x---  1 root get-users 8080 Jul 11 12:03 ./lwp-download
-rwxr-x---  1 root get-users 2389 Apr  9 04:16 ./lwp-mirror
-rwxr-x---  1 root get-users 14821 Apr  9 04:16 ./lwp-request
-rwxr-x---  1 root get-users 15075 Apr  9 04:16 ./lwp-rget
-rwxr-x---  1 root get-users 1180484 Nov 11  2005 ./lynx
-rwxr-x---  1 root get-users 206096 Nov  2  2005 ./wget
[root@dev /usr/bin]#

The output should look something like this.

Now the permissions have been change so that only members of the get-users group can use these services.

If you want a user other than root to be able to use these services you are going to want to add this user to the get-user group.

<code>
[root@dev /usr/bin]# nano /etc/group
</code>

Find the get-user group and add your users separated by commas.

get-users:x:10014:carl,richard,daniel

Exit and Save.

These users can now use the services that we set to the get-users group.

If you want to add a new user that will be able to use these services you can do the following.

<code>
[root@dev /usr/bin]# /usr/sbin/adduser test -G get-users
</code>

Now Make sure that the user was added to the group.

<code>
[root@dev /usr/bin]# grep donnie /etc/group

get-users:x:10014:carl,richard,daniel,donnie
donnie:x:32017:
</code>

The output should look something like this.

Răspunsul a fost util?

Articole similare

Installing APF Firewall and BFD Brute Force Detection
This is a guide on how to install and configure a firewall on your server.  A firewall is one of...
SSH Securing Root Disable Root Log-ins
This is a guide on how to add more security to your server by disabling root logins and change...