Imunify360 – Ultimate Security for Linux

Imunify360

Keeps Linux Web Servers protected.

Imunify360, the next-generation security solution developed specifically for Linux web servers. It’s highly effective machine learning technology forms data on a worldwide scale, utilizes a six-layer approach to deliver protection against threats, including distributed brute force attacks, most widely recognized kind of attack for web servers.

Key Features

  • IDS / IPS compromise a comprehensive collection of “deny” policy rules to swiftly block every known attack. Monitors server logs and scans log files from all different angles and ban IPs that shows malicious signs.
  • Hardened PHP retains your server secure by patching all PHP versions against known vulnerabilities. This allows you to run any version of PHP without having to revise programs.

How is Imunify360 different from the rest?

  • Delivers sophisticated detection and display of security threats, powered by the self-learning firewall with herd immunity.
  • Protects web applications against malware injections and defacement tacks.
  • Highly effective in catching more bad guys while stopping fewer good guys, as it is powered by the smart intrusion detection that collaborates with the central intrusion system.

Platform Supported

  • CentOS, RHEL and CloudLinux 6 & 7, with cPanel or Plesk.

All our cPanel Shared Hosting are all protected by Imunify360.

Also available as Add-on for your Cloud/Dedicated Servers.  To sign up and purchase Imunify360 services, do contact us.

Pricing

  • Single User – S$10/monthly
  • 30 Users – S$20/monthly
  • Unlimited – S$36/monthly

For more information, you may visit https://www.habangnet.com.

Warmest Regards,
HaBangNet Netsecurity Team

CVE-2016-1531 Exim

On Wednesday, March 2, 2016, Exim announced a vulnerability in all versions of the Exim software.

Impact

According to Exim development: “All installations having Exim set-uid root and using ‘perl_startup’ are vulnerable to a local privilege escalation. Any user who can start an instance of Exim (this is normally *any* user) can gain root privileges.”
Releases

The following versions of cPanel & WHM were patched to have the correct version of Exim. All previous versions of cPanel & WHM, including 11.48.x and below, are vulnerable to a set-uid attack on Exim.
11.50 11.50.5.0
11.52 11.52.4.0
11.54 11.54.0.18
EDGE 11.55.9999.106
CURRENT 11.54.0.18
RELEASE 11.54.0.18
STABLE 11.54.0.18

How to determine if your server is up to date

The updated RPMs provided by cPanel will contain a changelog entry with the CVE number. You can check for this changelog entry with the following command:
rpm -q –changelog exim | grep CVE-2016-1531

The output should resemble below:
Fixes CVE-2016-1531
What to do if you are not up to date.

If your server is not running one of the above versions, update immediately.

You can upgrade your server by navigating to WHM Home »cPanel »Upgrade to Latest Version and clicking “Click to Upgrade” (https://documentation.cpanel.net/display/ALD/Update+Preferences)

Alternatively, you can run the below commands to upgrade your server from the command line:
/scripts/upcp
/usr/bin/system-perl scripts/check_cpanel_rpms –fix –long-list

Verify the new Exim RPM was installed:
rpm -q –changelog exim | grep CVE-2016-1531

The output should resemble below:
Fixes CVE-2016-1531

What has changed?

Exim now provides two configuration options which limit what environment variables are available to Exim and all of its child processes. The variables are keep_environment and add_environment. For the initial release with this feature, cPanel will be setting the variables as follows in all supported cPanel & WHM systems. These values can be modified in the Advanced Configuration Editor if necessary, though we advise caution on adding too many variables to keep_environment.

/etc/exim.conf
keep_environment = X-SOURCE : X-SOURCE-ARGS : X-SOURCE-DIR
add_environment = PATH=/usr/local/sbin::/usr/local/bin::/sbin::/bin::/usr/sbin::/usr/bin::/sbin::/bin
Additional Information

CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1531

Initial Public Disclosure: https://lists.exim.org/lurker/message/20160302.191005.a72d8433.en.html

If you are still experiencing issues or need additional help, please contact cPanel support. If you’re hosted a VPS or Dedicated server with us, you do not need to worry, if your was a managed set, we will take care of it. If your wasn’t a managed set, but do need assistant, you can submit a ticket at client portal.

Posted by HaBangNet Team
http://www.habangnet.com