Odd csf entries by DA in csf.allow on all servers?

I see a whitelisted IP address entered by DA back in November of last year too.
Which whitelisted IP? As far as I can see only these 2 lines were added by DA on our servers.
Nothing in November either.

Is that also in csf.allow? Did you have help from some DA staff? Maybe that could be the reason?
 
I'm not sure, but is there a specific technical need why those kinds of connections (remote SSH, remote (s)ftp backups, etc.) have to be opened by user root and not by some much more limited user? I would have expected that none of the DirectAdmin features run directly via user root.
 
Is that also in csf.allow? Did you have help from some DA staff? Maybe that could be the reason?
Yes, in csf.allow. I did just check a ticket and had work done on that day.

Code:
84.15.186.190 # DirectAdmin - Wed Nov 24 04:35:19 2021
tcp|out|u=0 # Added by DirectAdmin - Sun Dec  5 07:43:02 2021
udp|out|u=0 # Added by DirectAdmin - Sun Dec  5 07:43:02 2021

The thing about these entries is I'm not sure whitelisting an IP address in csf.allow helps, since I have an external firewall through Google Compute Engine that has rules too. So whitelisting an IP here does not help unless I whitelist it there too.
 
So whitelisting an IP here does not help unless I whitelist it there too.
That is correct.

As for the csf.allow, in that case that must be the reason you have a separate IP whitelisted in there.

I would have expected that none of the DirectAdmin features run directly via user root.
Smtalk said it's for outgoing connections only. I don't really expect DA to be switching user to use wget (or curl or something) to get certain files like php versions and then switch to root again to compile them. A lesser user can't compile the services if I'm not mistaken.
Same with Letsencrypt and some stuff I guess.
 
Hello all.
Since I can't find a clear answer, I'm asking the question again.
Should we delete it or leave it?
Code:
tcp|out|u=0 # Added by DirectAdmin - Mon Nov 29 19:10:17 2021
udp|out|u=0 # Added by DirectAdmin - Mon Nov 29 19:10:17 2021

Greetings
 
Since I can't find a clear answer, I'm asking the question again.
It's answered in post #14 and #17 on the previous page by smtalk.
So you can do either. If you want to be sure root can have access to anything needed outside (compiling, backups etc.), I would just leave it as is.
It can't do any harm.
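
An added example, not part of any post in this thread and not DirectAdmin or csf code: a small Python parser that reads csf.allow lines like the ones quoted above, marks which carry a DirectAdmin comment, and picks out the outbound rules scoped to UID 0. It assumes csf's pipe-separated advanced filter layout (protocol|direction|selectors|u=UID); the function names are hypothetical and the fourth sample line is constructed.

```python
# Sample input: the three csf.allow lines quoted in the thread plus one
# constructed manual entry (192.0.2.10 is a documentation address).
SAMPLE = """\
84.15.186.190 # DirectAdmin - Wed Nov 24 04:35:19 2021
tcp|out|u=0 # Added by DirectAdmin - Sun Dec  5 07:43:02 2021
udp|out|u=0 # Added by DirectAdmin - Sun Dec  5 07:43:02 2021
192.0.2.10 # office, added by hand (constructed)
"""

def parse_line(line):
    """Parse one csf.allow line; return None for blank or comment-only lines."""
    rule, _, comment = line.partition("#")
    rule, comment = rule.strip(), comment.strip()
    if not rule:
        return None
    entry = {"rule": rule, "comment": comment,
             "by_da": "directadmin" in comment.lower(),
             "kind": "filter" if "|" in rule else "address",
             "proto": None, "direction": None, "uid": None, "selectors": []}
    if entry["kind"] == "address":
        return entry
    for field in rule.split("|"):
        if field in ("tcp", "udp", "icmp"):
            entry["proto"] = field
        elif field in ("in", "out"):
            entry["direction"] = field
        elif field.startswith("u=") and field[2:].isdigit():
            entry["uid"] = int(field[2:])      # u=0 is root
        else:
            entry["selectors"].append(field)   # s=/d= port or address, g=GID
    return entry

def parse_allow(text):
    """Return parsed entries for every rule line in a csf.allow file body."""
    return [e for e in map(parse_line, text.splitlines()) if e]

def root_outbound(entries):
    """Entries that allow outbound traffic for processes running as UID 0."""
    return [e for e in entries
            if e["kind"] == "filter" and e["direction"] == "out" and e["uid"] == 0]

if __name__ == "__main__":
    for e in parse_allow(SAMPLE):
        tag = "DirectAdmin" if e["by_da"] else "other"
        scope = "root outbound" if e in root_outbound([e]) else e["kind"]
        print(f"{e['rule']:<16} {tag:<12} {scope}")
```

An empty `selectors` list on a root outbound entry means the rule has no port or destination restriction, which is the case for both lines discussed in the thread.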
 