Symlinks (short for symbolic links) are a useful feature of Unix-like operating systems that creates a link or reference to a file or directory located elsewhere in the file system. Although symlinks are useful for many purposes, from creating shortcuts to cleaning up and organizing directories, they can lead to security problems unless they are well maintained.
Among the most basic and cunning types of cyber-attacks are symbolic link attacks, also called symlink races or link races. In these attacks, an attacker creates a symbolic link that points to a sensitive file or directory on the server. If the web server is unaware of the symlink, it may follow it and allow access to, or modification of, a file in an unapproved location.
To minimize this security risk, cPanel and WHM (Web Host Manager) have introduced a feature called "Symlink Protection," which turns off the possibility of creating symlinks in users' directories and so rules out symlink attacks. In this article, we will walk you through the step-by-step process for enabling Symlink Protection in WHM.
Open your web browser and navigate to the WHM (Web Host Manager) URL (e.g., https://server-ip:2087).
To access the Web Host Manager dashboard, enter your credentials on the WHM login page.
Once you are in the WHM admin area, find the "Tweak Settings" option in the left menu.
Click the "Tweak Settings" icon.
In the "Tweak Settings" panel, scroll down to the "Symlink Protection and Tracker" section.
Find the "Symlink Protection" feature and check the checkbox next to it to enable it.
Once Symlink Protection is enabled, WHM prevents users from creating symbolic links in their home and account directories. In other words, any user who tries to create a symbolic link that points outside of the designated folder will fail because the web server will not follow the symbolic link, which makes symlink exploitation unlikely.
Enabling even the basic Symlink Protection setting is a crucial step in adding a layer of security against symlink attacks to your server. WHM also offers several additional options that are a further step toward hardening the server against these types of attacks. They are located in the "Symlink Protection and Tracker" section:
"Symlink Tracker": This option monitors the symlinks created within user document paths. When it is checked, WHM records any directory or file link creation, which is very convenient for incident detection and audit.
"Symlink Tracker Log File": This path parameter lets you select the destination where the symlink tracker log file will be saved. By default, the log is stored in the file "/usr/local/apache/logs/symlink_tracking.log".
"Symlink Tracker Email Addresses": With this option, you can enter any number of email addresses at once. The Symlink Tracker will notify the given addresses whenever it detects a symlink creation attempt and log it accordingly.
These extra options are not essential for Symlink Protection, but they give you additional insight into symlink creation attempts and other security events.
Once you have enabled Symlink Protection by checking the option, configure any additional options (if needed) and scroll to the bottom of the tab.
Click the "Save" button to make the changes take effect.
WHM now applies Symlink Protection to all user accounts and directories on your server, shielding your users from symlink attacks.
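A complementary audit of the symlinks that already exist in account directories, as an added example (not code from cPanel/WHM or from this article): it reports links whose resolved target falls outside the owning account's directory. The one-directory-per-account layout, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

def audit_symlinks(home_root):
    """Report symlinks under each account directory in home_root whose
    resolved target lies outside that account's own directory."""
    findings = []
    for account in sorted(os.listdir(home_root)):
        base = os.path.realpath(os.path.join(home_root, account))
        if not os.path.isdir(base):
            continue
        # followlinks=False: inspect links, never walk through them
        for dirpath, dirnames, filenames in os.walk(base, followlinks=False):
            for name in dirnames + filenames:
                path = os.path.join(dirpath, name)
                if not os.path.islink(path):
                    continue
                target = os.path.realpath(path)  # resolves chained links too
                if os.path.commonpath([base, target]) == base:
                    continue  # stays inside the account: not reported
                if not os.path.exists(target):
                    note = "dangling"  # target could be created later
                elif os.stat(target).st_uid != os.lstat(path).st_uid:
                    note = "owner-mismatch"  # link and target owned by different users
                else:
                    note = "outside-home"
                rel = os.path.relpath(path, base)
                findings.append((account, rel, target, note))
    return findings

def build_sample(root):
    """Constructed sample tree: two accounts, one internal link, three escaping links."""
    web = os.path.join(root, "alice", "public_html")
    os.makedirs(web)
    os.makedirs(os.path.join(root, "alice", "data"))
    os.makedirs(os.path.join(root, "bob"))
    other = os.path.join(root, "bob", "config.php")
    with open(other, "w") as fh:
        fh.write("constructed sample file\n")
    os.symlink(os.path.join(root, "alice", "data"), os.path.join(web, "data"))
    os.symlink(other, os.path.join(web, "cfg.txt"))        # another account's file
    os.symlink("/", os.path.join(web, "fs"))               # directory outside the account
    os.symlink("/nonexistent-sample/x", os.path.join(web, "later"))  # dangling
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_symlinks(build_sample(tmp)):
            print(*finding, sep="\t")
```

On a real server, pass the directory that holds the account home directories and run the script with enough privilege to read them; the "owner-mismatch" note only appears when the link and its target belong to different users.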
If you enable Symlink Protection on an already configured server with working user accounts, it is a sensible precaution to inform users of the change before they experience the difference. Explain the security procedures that are in place so that users do not run into misunderstandings or problems when they try to create symlinks within their directories.
Aside from sending a mass email to all users, you could also update your organization's knowledge base or send internal memos to inform them of the changes.
Enabling Symlink Protection is a basic step towards preventing symlink attacks. However, it is important to reiterate that it goes hand in hand with other approaches to system security. These include:
Regular Security Audits: Perform periodic security scans and threat assessments to discover and rectify security issues on your servers.
Secure File Permissions: Verify that file permissions are correctly set and adopt the principle of least privilege, granting users rights only up to the required level.
Web Application Security: Apply security measures to the web apps running on your servers, such as input validation, output encoding, and secure coding practices.
Firewalls and Access Controls: Use firewalls and access controls to prevent unauthorized access to your server and the resources on it.
Security Updates: Keep the software running on your Linux-based server, namely cPanel & WHM, Apache, PHP, and other software, patched and current.
You can decrease the risk of falling victim to symlink attacks and other security threats that plague servers by following the steps outlined in this knowledgebase article and implementing a comprehensive security strategy that covers all loopholes. This lets you offer your users reliable hosting.
Remember that security is not a one-step program but a continuous one that requires vigilance, periodic maintenance, and proactive action to stay ahead of criminals. By deploying the Symlink Protection feature alongside the right practices, you can help ensure that the server and users' data are not compromised and that security lapses are avoided.