Some Insecure Default LNMP configurations
LNMP is a one-click nginx + php + mysql installer that is widely used on Linux servers in China. Its default configuration, however, is weak in places and can lead to security problems. The problems are not serious, though, so I dare not give this a grander title ~
I set up the environment today and, while at it, reported the problems, hoping they get fixed.
Issue 1:
The disable_functions list is incomplete.
The default disable_functions value is:
Obviously incomplete: popen is not disabled, so we can use popen to execute commands:
<?php
$f = popen("ifconfig", "r");                      // popen is still callable, so the command runs
$re = '';
while (!@feof($f)) { $re .= @fread($f, 1024); }   // collect the command's stdout
@pclose($f);
echo $re;
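Rather than testing each function by hand, it is quicker to compare the configured disable_functions value against the set of functions that can run OS commands. The script below is an added example and not part of LNMP; the list of command-execution functions and the sample disable_functions value (which is constructed, not LNMP's actual default) are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of LNMP: report which command-execution functions
# a php.ini disable_functions value leaves callable.

# PHP functions that run OS commands or spawn processes. This list is the
# example's own; extend it for your build (pcntl_exec only exists with pcntl).
CMD_FUNCS="exec shell_exec system passthru popen proc_open pcntl_exec"

# Print, space separated on one line, every name in CMD_FUNCS that is absent
# from the comma-separated disable_functions value passed as $1.
missing_disable_functions() {
    # strip spaces and wrap in commas so every entry can be matched as ",name,"
    disabled=",$(printf '%s' "$1" | tr -d ' '),"
    out=""
    for f in $CMD_FUNCS; do
        case "$disabled" in
            *",$f,"*) ;;                       # disabled, fine
            *) out="${out:+$out }$f" ;;        # still callable
        esac
    done
    printf '%s\n' "$out"
}

# Read the live value from the PHP CLI, if php is installed, and check it.
# Returns 1 when something is still enabled, 2 when php is not found.
check_live_php() {
    command -v php >/dev/null 2>&1 || { echo "php not found" >&2; return 2; }
    val=$(php -r 'echo ini_get("disable_functions");')
    missing=$(missing_disable_functions "$val")
    if [ -n "$missing" ]; then
        echo "still enabled: $missing"
        return 1
    fi
    echo "all listed command functions are disabled"
}

# Constructed sample value for demonstration (not LNMP's real default):
SAMPLE="exec,passthru,shell_exec,system"
echo "missing from sample: $(missing_disable_functions "$SAMPLE")"
```

Note that `php -r` reads the CLI php.ini, which on many installs differs from the one php-fpm uses; to check the web-facing value, run the same `ini_get` call from a page served by the web server.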
Issue 2:
After a new account is created, the bundled proftpd setup saves the account name and password to a .passwd file in /tmp. The file's permission is 644, so every user on the system can read it.
Therefore, anyone with a webshell or an ordinary user account can read other people's FTP usernames and passwords (a cross-site risk on shared hosts).
The cause: after proftpd is installed, lnmp drops a proftpd_vhost.sh script into /root so that FTP accounts can be created directly with it.
Let's look at the shell code:
/root/proftpd_vhost.sh, from line 88:
useradd -s /sbin/nologin -d $userdir -c "lnmp proftpd user" $username
cat >/tmp/$user.passwd<<eof
$username:$userpass
eof
chpasswd < /tmp/$user.passwd
cat >/usr/local/proftpd/etc/vhost/$username.conf<<eof
<Directory $userdir>
  <Limit ALL>
    AllowUser $username
  </Limit>
</Directory>
eof
echo "Restart ProFTPd......"
/etc/init.d/proftpd stop
/etc/init.d/proftpd start
echo "========================================================================="
echo "Add ProFTPd Virtual Host for LNMP v1.0 , Written by Licess "
echo "========================================================================="
echo "For more information please visit http://www.lnmp.org/"
echo ""
echo "Your UserName:$username"
echo "Your Password:$userpass"
echo "Directory of $username:$userdir"
echo ""
echo "========================================================================="
It calls useradd to add the account, then uses cat > to write the string "$username:$userpass" into the file /tmp/$user.passwd.
Next, the content of /tmp/$user.passwd is fed into chpasswd to set the new user's password.
Finally it writes the vhost configuration file, echoes some information, and the script ends.
At no point does lnmp delete /tmp/$user.passwd. A file containing the new FTP account's password is therefore left behind, and because it was created under the default umask it is readable by every user:
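The fix is simple: the credential line never needs to touch the filesystem, and if a file is unavoidable it must be created 0600 and removed afterwards. The script below is an added example written for this post, not LNMP's own proftpd_vhost.sh; the helper names, the optional third argument (which lets a test substitute another consumer for chpasswd, since chpasswd needs root), and the audit directory are assumptions of the example.

```shell
#!/bin/sh
# Added example, not LNMP's proftpd_vhost.sh: the same chpasswd step without
# a world-readable credential file, plus an audit for what the original leaves.

# Hand "user:password" to chpasswd through a pipe: no file in /tmp at all.
# $3 is a hypothetical hook so a test can replace chpasswd with another reader.
set_password_via_pipe() {
    printf '%s:%s\n' "$1" "$2" | "${3:-chpasswd}"
}

# If a file is unavoidable, create it 0600 under a private umask and remove
# it whether or not the consumer succeeds. Returns the consumer's exit status.
set_password_via_tmpfile() {
    user="$1"; pass="$2"; consumer="${3:-chpasswd}"
    saved_umask=$(umask)
    umask 077                                        # new file gets 0600, not 0644
    tmp=$(mktemp "${TMPDIR:-/tmp}/passwd.XXXXXX") || return 1
    umask "$saved_umask"
    printf '%s:%s\n' "$user" "$pass" > "$tmp"
    "$consumer" < "$tmp"
    rc=$?
    rm -f "$tmp"                                     # never leave the credential behind
    return $rc
}

# Audit: list *.passwd files directly under $1 that are readable by group or
# others, i.e. exactly what the original script leaves in /tmp. One path per line.
find_leaked_passwd_files() {
    find "$1" -maxdepth 1 -type f -name '*.passwd' \
        \( -perm -040 -o -perm -004 \) 2>/dev/null | sort
}

# Demonstration against a constructed directory (not a real /tmp):
demo_dir=$(mktemp -d)
( umask 022; printf 'demo:pass\n' > "$demo_dir/demo.passwd" )   # what cat > does under umask 022
echo "leaked credential files:"
find_leaked_passwd_files "$demo_dir"
rm -rf "$demo_dir"
```

Running find_leaked_passwd_files /tmp on an affected host lists every account whose password is exposed; those passwords should be rotated, not just the files deleted, since any local user may already have read them.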