Few questions 4 admin0
I want to start with some assumptions here:
- Im using cpanel/whm with RH
- I am the average hosting server that does not give away shell access to clients
- The other users with access to ssh does not need to compile programs, maybe just me when i want to install some apps
- I run normal php/cgi sites on the server
1. Does the chmod to 000 of the c compiler could affect in some way the autoupdate features of cpanel? The ones that update cpanel and also system software? What about the up2date feature of RH? Any other disadvantages of this chmod thing?
2. If i change the fstab with the nosuid,nodev,noatime options. Could this change interfere in some way the way the website pages are server? (perl/php/ssi scripts not working, etc)
3. Does the up2date RH feature can work properly if i have the autoupdate option of cpanel enabled too? Does this 2 update options needs the c compiler in some way or they just use rpms and binaries?
3. netstat -al shows some open ports that i think are for cpanel functionality. Do you know which ones are the ones that really need to be open and which ones can be closed?
4. usernames/passwords: If i encourage users to access their cpanel/webmail via ssl could i prevent the sniff of sensitive information? Is there a workaround to this problem, like the protocol that you mention that plesk use? What about access via ftp, could i secure if they access with ssh enabled ftp clients? like cuteftppro?
5. Is it a good idea to remove the version number of the server daemons? (apache, sendmail/exim, ftp, etc)?
Too many questions
.... Regards and thank you very much for your help, i think im really learning a lot from u
