chmod 700 binaries like ls, cp, mkdir ?

I was wondering if it's possible to further secure a cpanel with only root as shell user (and one shell account used to login and su to root) by chmodding binaries to 700 without causes issues.

I'm not talking about just file retrieving binaries like wget and lynx, but all binaries that can be of interest to hackers.

For example:

chmod 700 /bin/ls
chmod 700 /bin/cp
chmod 700 /bin/mkdir
chmod 700 /bin/ps
chmod 700 /bin/mount
chmod 700 /bin/umount

Now I'm not sure if chmodding ls, cp and such to 700 will somehow cause conflicts with cpanel, php (with safe_mode on, so no direct use of binaries) or perhaps perl?

But also for example:

chmod 700 /usr/bin/find
chmod 700 /usr/bin/finger
chmod 700 /usr/bin/nslookup
chmod 700 /usr/bin/whereis
chmod 700 /usr/bin/make
chmod 700 /usr/bin/pstree
chmod 700 /usr/bin/which
chmod 700 /usr/bin/who
chmod 700 /usr/bin/w
chmod 700 /usr/bin/top

This in addition to the usual chmod 700 list that can be found on many forums.

Again, this is only meant for servers without any active shell users besides root.

 

 

 

 

Top