By default, Plesk Panel 12 allows utilities or scripts to be run on behalf of root in two cases:
- Scheduling tasks with the cron manager
- Handling events with the Event Manager tool
This makes the Panel server potentially vulnerable to malicious software.
To eliminate these vulnerabilities, create the following files and leave them empty:
prevents users from running cron tasks and viewing the list of tasks scheduled on behalf of root.
prevents users from creating event handlers functioning on behalf of root.
$PRODUCT_ROOT_D is /usr/local/psa on RPM-based systems (RHEL / CentOS) and /opt/psa on DEB-based systems (Debian / Ubuntu).