homedir (ip of server) security concerns

imax (New member; joined Jan 23, 2011; 3 messages)

1. I discovered that I can log in to phpMyAdmin, Roundcube etc. using the URLs:

http://server_s_IP/phpmyadmin
http://server_s_IP/roundcube

2. Next, I started searching for where I can find the access logs of the operations that I mentioned above. It turned out that it's the file: /var/log/httpd/homedir.log

The first problem is that the log doesn't contain the IP and date.
Also, I can't find logs for past days.

3. I tried to modify this log to resemble a standard Apache log, and I got stuck on this configuration file:

/etc/httpd/conf/ips.conf

I want to modify the line: LogFormat "%O \"%r\"" homedir

but this file also states:

# Auto generated apache config file by DirectAdmin version 1.36.2
# Modifying this file is not recommended as any changes you make will be
# overwritten when you add/remove ip's through DirectAdmin.

So I searched in /usr/local/directadmin/data/templates for template file. I found files:

ips_virtual_host.conf (but it doesn't contain a LogFormat option)

and httpd.conf (but it contains only: LogFormat "%b \"%r\"" homedir, so it's different from the line that I am looking for, which I mentioned above)

_______________

I think it's a kind of security issue, and I ask what I should do about that.

Temporarily, I redirect all traffic from the server IP to one of the domains using htaccess.

Thanks for any suggestions.
 
I want to add that my two main questions are:

1. How to keep logs of past days.
2. How to change log format.

or other solution to maintain security.

PS. Sorry for the double post, but I can't find the edit option.
 
1. How to keep logs of past days.

If you're running a Linux box, configure logrotate to fit your needs; see the /etc/logrotate.d/ directory.

2. How to change log format.

You'd better do:

1. Modify /usr/local/directadmin/data/templates/custom/ips_virtual_host.conf
If you have no /usr/local/directadmin/data/templates/custom/ips_virtual_host.conf, copy it from /usr/local/directadmin/data/templates/ips_virtual_host.conf to /usr/local/directadmin/data/templates/custom/ips_virtual_host.conf

2. After line

CustomLog /var/log/httpd/homedir.log homedir

add two lines

CustomLog /var/log/httpd/|IP|.log combined
ErrorLog /var/log/httpd/|IP|.error.log

twice for both VirtualHost sections.

So it would look something like this:

Code:
<VirtualHost |IP|:|PORT_80|>
        ServerName shared.domain
        ScriptAliasMatch ^/~([^/]+)/+cgi-bin/+(.*) /home/$1/public_html/cgi-bin/$2
        AliasMatch ^/~([^/]+)(/.*)* /home/$1/public_html$2
        DocumentRoot |DOCROOT|
|*if APACHE_VER="2.0"|
        SuexecUserGroup |USER| |GROUP|
|*else|
        User |USER|
        Group |GROUP|
|*endif|
        CustomLog /var/log/httpd/homedir.log homedir
        CustomLog /var/log/httpd/|IP|.log combined
        ErrorLog /var/log/httpd/|IP|.error.log
</VirtualHost>

<VirtualHost |IP|:|PORT_443|>
        SSLEngine on
        SSLCertificateFile |CERT|
        SSLCertificateKeyFile |KEY|
        ServerName shared.domain
        ScriptAliasMatch ^/~([^/]+)/+cgi-bin/+(.*) /home/$1/public_html/cgi-bin/$2
        AliasMatch ^/~([^/]+)(/.*)* /home/$1/public_html$2
        DocumentRoot |DOCROOT|
|*if APACHE_VER="2.0"|
        SuexecUserGroup |USER| |GROUP|
|*else|
        User |USER|
        Group |GROUP|
|*endif|
        CustomLog /var/log/httpd/homedir.log homedir
        CustomLog /var/log/httpd/|IP|.log combined
        ErrorLog /var/log/httpd/|IP|.error.log
</VirtualHost>

3. Run as root

Code:
echo "action=rewrite&value=ips" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq d800
/etc/init.d/httpd restart

See logs in /var/log/httpd/


P.S. You might need to update your /etc/httpd/conf/extra/httpd-vhosts.conf the same way, but instead of |IP| put your actual IP there.
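
Added example (not from the posts above and not DirectAdmin code): once the per-IP log is written in the "combined" format, requests to the two paths named in the first post can be tied to a client IP and a date, which the "homedir" format cannot provide. The sample log lines, the IP addresses and the names watched_path and summarize are constructed for illustration.

```python
import re
from datetime import datetime

# Apache "combined": %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# Apache writes a quote inside a field as \", so the pattern accepts backslash pairs.
Q = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + Q + r' (\d{3}) \S+ ' + Q + ' ' + Q + '$')
# The "homedir" format quoted in the thread: %O "%r" (no client IP, no timestamp)
HOMEDIR = re.compile(r'^\S+ ' + Q + '$')
WATCHED = ("/phpmyadmin", "/roundcube")  # the two paths named in the first post

def watched_path(request):
    """Return the watched prefix that a request line targets, or None."""
    parts = request.split()
    if len(parts) < 2:  # malformed request line such as "-"
        return None
    path = parts[1].split("?", 1)[0].lower()
    for prefix in WATCHED:
        if path == prefix or path.startswith(prefix + "/"):
            return prefix
    return None

def summarize(lines):
    """Return ({(ip, prefix): [count, first_seen, last_seen]}, unattributed)."""
    hits, unattributed = {}, 0
    for line in lines:
        m = COMBINED.match(line)
        if m:
            prefix = watched_path(m.group(3))
            if prefix:
                when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
                rec = hits.setdefault((m.group(1), prefix), [0, when, when])
                rec[0] += 1
                rec[1], rec[2] = min(rec[1], when), max(rec[2], when)
            continue
        m = HOMEDIR.match(line)
        if m and watched_path(m.group(1)):
            unattributed += 1  # the request is visible, but not who sent it or when
    return hits, unattributed

SAMPLE = [  # constructed lines (documentation IP ranges), not taken from the thread
    r'192.0.2.10 - - [24/Jan/2011:10:15:02 +0100] "GET /phpmyadmin/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    r'192.0.2.10 - - [25/Jan/2011:08:01:44 +0100] "POST /phpMyAdmin/index.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    r'198.51.100.7 - - [24/Jan/2011:11:30:00 +0100] "GET /roundcube/?_task=mail HTTP/1.1" 200 9001 "-" "probe \"x\""',
    r'5120 "GET /phpmyadmin/index.php HTTP/1.1"',  # homedir format
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```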
 