On Sat, Dec 16, 2000 at 12:09:22AM -0800, Peter Jay Salzman wrote:
> can someone point me to documentation specifically aimed at beefing up
> security of ftp and apache? everything is behind an LRP (linux router
> project) firewall, so i'm pretty secure otherwise. i let hardly anything in
> or out, everything gets logged, and i actually look at the logs. i run tara
> every so often, and i'm very conscious about password security.

I can't suggest any resources besides the respective sets of documentation. You can pro-actively enhance the security of your FTP daemon by running it chrooted and under a user id that cannot write to the daemon's directory. A successful exploit in this case will not do much harm.

> however, i'm curious about vulnerabilities in the ftp and www daemons
> themselves.

As varied as the daemons themselves. Most are buffer overflows or failure to properly check user input. In the case of httpd, carelessly written CGIs are the biggest concern.

--
Henry House
OpenPGP key available from http://hajhouse.org/hajhouse.asc
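The reply above recommends running the FTP daemon chrooted under a user id that cannot write to the daemon's directory. The following is an added example, not part of the original message: a Python audit that walks a chroot tree and lists every entry a given uid could modify according to the Unix mode bits. The function names, the demo directory layout and the daemon uid are all hypothetical.

```python
import os
import stat
import tempfile


def can_write(st, uid, gids):
    """Classic Unix mode-bit check; ACLs and capabilities are not considered."""
    if uid == 0:
        return True  # root bypasses mode bits, so a root daemon gains nothing here
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def writable_entries(root, uid, gids=()):
    """Return sorted paths under root (root itself is '.') that uid could modify."""
    gids = set(gids)
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits do not control access
            if can_write(st, uid, gids):
                found.append(os.path.relpath(path, root))
    return sorted(found)


def build_demo_tree():
    """Constructed sample layout: two read-only areas and two deliberate mistakes."""
    root = tempfile.mkdtemp(prefix="ftproot-")
    layout = {"pub": 0o755, "etc": 0o755, "incoming": 0o777}  # incoming: world-writable
    for name, mode in layout.items():
        os.mkdir(os.path.join(root, name))
        os.chmod(os.path.join(root, name), mode)
    for rel, mode in {"pub/readme.txt": 0o644, "etc/passwd": 0o666}.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(os.path.join(root, rel), mode)
    os.chmod(root, 0o755)
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    daemon_uid = os.stat(demo).st_uid + 1  # hypothetical unprivileged daemon uid
    for entry in writable_entries(demo, daemon_uid):
        print("writable by daemon:", entry)
```

An empty result for the daemon's uid and groups means the tree matches the setup described in the reply; any path listed is one that a compromised daemon process could alter.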