Portal Home > Knowledgebase > XSLOVZ > Security Concerns


Security Concerns




Hi there,
if you are going to run this module in a production env. kindly use the following approach to limit the functionality of this module. it was suggested by the members of community.
this was added in this commit .

1 - make sure you install sudo on your OpenVZ Node (yum install sudo on rhel/centos and apt-get install sudo on debian/ubuntu)
2 - from WHMCS navigate to Setup -> Product/Services and edit your VPS products to specify sudo binary path . (use where/which sudo on openvz node to get its path) if you see you have same path as default value just click save.
3 - login to OpenVZ node and add new user (useradd vzusr) then create a strong password (passwd vzusr).
4 - use visudo to edit sudoers file and specify this :
vzusr    ALL=(ALL) NOPASSWD: /usr/sbin/vzctl , /sbin/iptables , /usr/sbin/vzlist , /sbin/tc , /bin/cat
also you will need to comment or remove this line;
Defaults requiretty
then save file (ctrl + x then enter if using nano or shift + ZZ if you using vim).
now our new user will have root powers to execute those commands only. (/bin/cat is optional it will read /proc/cpuinfo and display it to client. so you may want to disable)
5 - let's back to WHMCS, navigate to Setup -> Product/Services -> Servers and edit your OpenVZ Node(s). and specify our sudoer user created in step 3 (vzusr) as username and your specified password.

Good Luck




Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
OpenVZ Installation (Views: 1382)
Bandwidth counter (Views: 664)

Powered by WHMCompleteSolution