Thanks to everyone who has responded. I will be investigating all these options in the next few days, I'll keep you all informed.
-- Ross -----Original Message----- From: Steve Kemp [mailto:[EMAIL PROTECTED] On Behalf Of Steve Kemp Sent: Thursday, 17 June 2004 3:24 AM To: [EMAIL PROTECTED] Cc: Alvin Oga; [EMAIL PROTECTED] Subject: Re: Advice needed, trying to find the vulnerable code on Debian webserver. On Wed, Jun 16, 2004 at 11:44:17AM -0500, Micah Anderson wrote: > > > > > > Install some rules for it to harden your webserver, see if > > > anything is flagged in the security log. > > > > other web server testing tools > > http://www.linux-sec.net/Web/#Testing > > Has anyone actually used any of these to find the vulnerabilities that > are being discussed? Not personally, I've used snort and some other custom logging code to find exploit attempts in real time though. Can you tell us what CGI apps are installed upon the box? Or do the access logs should anything suspicious? It's clear that Apache is the route into the system if you have files owned by www-data - maybe mounting /tmp noexec would help? (note: mounting /tmp noexec breaks apt often). Steve -- # The Debian Security Audit Project. http://www.debian.org/security/audit -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] DISCLAIMER: This e-mail and any files transmitted with it may be privileged and confidential, and are intended only for the use of the intended recipient. If you are not the intended recipient or responsible for delivering this e-mail to the intended recipient, any use, dissemination, forwarding, printing or copying of this e-mail and any attachments is strictly prohibited. If you have received this e-mail in error, please REPLY TO the SENDER to advise the error AND then DELETE the e-mail from your system. Any views expressed in this e-mail and any files transmitted with it are those of the individual sender, except where the sender specifically states them to be the views of our organisation. Our organisation does not represent or warrant that the attached files are free from computer viruses or other defects. The user assumes all responsibility for any loss or damage resulting directly or indirectly from the use of the attached files. In any event, the liability to our organisation is limited to either the resupply of the attached files or the cost of having the attached files resupplied.
