Linux Environment Security

Current Release:
http://www.rfxn.com/downloads/les-current.tar.gz
 http://www.rfxn.com/appdocs/README.les
http://www.rfxn.com/appdocs/CHANGELOG.les

Description:
Linux Environment Security is intended as a facility to quickly & easily secure RedHat/RPM based environments. It does such by enforcing root-only permissions on system binaries (binaries that have no place being executed by normal users), enforcing root-only path traversal on system paths, enforcing immutable bit on essential rpm package contents (i.e: coreutils), and enforcing immutable bit on shell profile scripts.

The combined usage of all LES options provides an increased level of local environment security, with the goal of preventing environment based attacks. Such attacks would consist of compromised system binaries; tainting the $PATH variable to point to invalid paths where trojan/malicious binaries are located; alterations to user profile scripts to activate key loggers or process based hi-jacking; traversal exploration of the system paths etc…; the possible attack trends are numerious hence the importance of hardening the local environment space.

Funding:
Funding for the continued development and research into this and other projects, is solely dependent on public contributions and donations. If this is your first time using this software we ask that you evaluate it and consider a small donation; for those who frequent and are continued users of this and other projects we also ask that you make an occasional small donation to help ensure the future of our public projects.

  • #1 written by imran
    about 1 year ago
    Reply Quote

    For working with Cpanel , you need to make sure that cpanel runs the post and pre upcp commands which disable and reenable LES. these scripts that you may need to edit / create are :

    /scripts/postupcp and /scripts/preupcp

  • #2 written by Chan Feng
    about 1 year ago
    Reply Quote

    Same question as above. I wonder if somebody has test this script on cPanel. And if there is special setup for cPanel.

    • #3 written by Paul Trost
      about 1 year ago
      Reply Quote

      The use of LES on a cPanel server will lead to issues as certain RPMs that have had immutable bits set cannot be upgraded. This then leads to failure of cPanel component or scripts like upcp used to upgrade the system. As yum can’t upgrade RPMs with files set immutable, upcp then fails.

  • #4 written by file uploads
    about 2 years ago
    Reply Quote

    Dear sir,

    please If I use this script and enable all option ( les -ea)
    is that influence on server updates and cpanel update ?
    please advise me