How do I properly disable cgi scripts e.g. guestbook.cgi on WHM

Question

After a PCI scan identified guestbook.cgi as a risk, I want to disable the cgi-scripts installed by WHM (v11, running on CentOS5). I would like to do this "properly" using the WHM Web interface if possible (so this configuration survives an update and is easily reproduced).

Things I've tried so far that aren't satisfactory:

1. chmod 0 /usr/local/cpanel/base/cgi-sys/guestbook.cgi

   chattr +i /usr/local/cpanel/base/cgi/guestbook.cgi

   = throws a 500 Internal Server Error when visiting example.com/cgi-sys/guestbook.cgi and may interfere with automatic updates

2. WHM | Packages | Feature Manager | Edit a Feature List

   Disabled CGI Center

   Disabled Email Scripts (cgiemail,formmail)

   Disabled Simple Guestbook

   Disabled Advanced Guestbook

   = no change when visiting example.com/cgi-sys/guestbook.cgi (HTTP200 No Username given)

I've search forums.cpanel.net, which are usually pretty good but I can't find an answer that doesn't have undesirable side effects.

Answer 1

I tried using WHM's 'Include Editor' (for httpd.conf edits that survive an update) but settled on using a .htaccess file in /usr/local/cpanel/cgi-sys/ instead. I'm sure there's a probably a better way to do it but this works for me:

# cat /usr/local/cpanel/cgi-sys/.htaccess
RewriteEngine On
RewriteRule ^guestbook.cgi$ [G,L]

# chattr +i /usr/local/cpanel/cgi-sys/.htaccess

Answer 2

To disable cPanel's "CGI Center" scripts via WHM for all accounts or a specific plan:

1. After logging into WHM navigate to Packages > Feature Manager
2. Select the feature list your plans are using under Edit a Feature List (to check edit the plan under Packages > Edit a Package)
3. Uncheck CGI Center, click Save

To disable for a specific account (per cPanel), see https://forums.cpanel.net/f5/one-more-immutable-files-preventing-cpanel-whm-updating-your-serve-214301-p2.html#post1017292