Hi there,
With more and more incidents of web servers being cracked and their pages
modified to the hacker's wish, a question arose for us: how to protect the
web server and its pages.
Now LIDS -- Linux Intrusion Detection System -- offers a way to provide
that protection.
1) Now you can protect /usr/sbin/httpd (the web daemon) as READONLY, which
means that nobody can modify it, including root.
2) Then make /home/httpd (the web content directory) DENY access to
everybody, which means that no one can read that directory. It is hidden
in the system.
3) Then give /usr/sbin/httpd the capability to READ /home/httpd.
4) Also, the configuration directory for the web server is protected as
READONLY.
OK, let's see how it protects the web pages from being modified.
1) If the hacker gets into the system with a root shell, such as through a
buffer overflow bug in the web server, and now wants to modify the pages,
he finds that he cannot find the target pages on the system, even though
he is root.
2) The hacker wants to replace the httpd daemon (/usr/sbin/httpd) or the
configuration files, such as access.conf, srm.conf, httpd.conf, to read
another directory; he finds that he can't do anything to them.
3) Now he inserts some malicious code into the web daemon
(/usr/sbin/httpd) through the buffer overflow in the web server. The code
is to modify the html directory, but he finds he cannot do that either.
httpd has only the ability to read that directory.
Now the pages are protected. The whole system is also protected by LIDS;
for more details, go to http://www.lids.org.
Now you will ask: then how can I modify the contents legally?
We have two ways:
1) Write a NO_BUFFER_OVER_FLOW program and give that program the ability
to WRITE /home/httpd; anyone who wants to access the program must be
authenticated with Kerberos or PKI or similar, and access is restricted to
the administrator's address only.
Now when the administrator wants to replace index.html, he can log in to
the program above and replace it.
2) Change the LIDS security level to NO security level and replace it.
This has some security problems.
Now a hardened web server is built with LIDS. It is more and more
difficult, and even impossible, for a hacker to change your pages.
What do you think about this, and are there any problems with it?
Thanks,
Xie.
--
Happy Hacking
Linux Intrusion Detection System
http://www.lids.org/
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
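The four rules from the message above, written out as a small setup script. This is an added example and not code from the post or from the LIDS project; it uses the `lidsadm -A [-s subject] -o object -j ACTION` form of the LIDS 1.x rule syntax as I remember it, and the paths /usr/sbin/httpd, /home/httpd and /etc/httpd are assumptions, so check all of them against the lidsadm(8) of the version you actually run. By default the script only prints the rules (a dry run); `apply` loads them and then seals the kernel.

```shell
#!/bin/sh
# Added example, not from the original post or from LIDS itself.
# Rule syntax below is the LIDS 1.x "lidsadm -A [-s subject] -o object
# -j ACTION" form as recalled by the editor; paths are assumptions.

HTTPD=/usr/sbin/httpd        # web daemon (the subject of rule 3)
WEBROOT=/home/httpd          # web content directory
HTTPD_CONF=/etc/httpd        # configuration directory (assumed location)

# Print the rule set as lidsadm invocations, one per line, without
# running anything. Order matters only for readability: object rules
# apply to every process, root included; the -s rule carves out an
# exception for one program.
lids_web_rules() {
    # 1) nobody, root included, may replace or patch the daemon binary
    echo "lidsadm -A -o $HTTPD -j READONLY"
    # 2) the content directory is hidden from every process ...
    echo "lidsadm -A -o $WEBROOT -j DENY"
    # 3) ... except the daemon, which gets read access and nothing more
    echo "lidsadm -A -s $HTTPD -o $WEBROOT -j READONLY"
    # 4) configuration files can be read by everyone but not rewritten
    echo "lidsadm -A -o $HTTPD_CONF -j READONLY"
}

# Every protected path must exist before the rules are loaded; the
# subject in rule 3 must be a regular file.
lids_check_paths() {
    [ -f "$HTTPD" ] && [ -d "$WEBROOT" ] && [ -d "$HTTPD_CONF" ]
}

# Load the rules, reload them into the kernel, then seal. After the seal
# the rule set can only be changed by someone holding the LIDS password.
lids_apply() {
    lids_check_paths || { echo "protected path missing" >&2; return 1; }
    lids_web_rules | sh -e || return 1   # run each line, stop on failure
    lidsadm -U || return 1               # reload rules into the kernel
    lidsadm -I                           # seal the kernel
}

case "${1:-}" in
    apply) lids_apply ;;
    *)     lids_web_rules ;;             # default: dry run, show the rules
esac
```

Two practical notes. First, the second "legal update" path in the message (dropping the security level) is done per terminal in LIDS 1.x with `lidsadm -S -- -LIDS`, which prompts for the LIDS password, and reversed with `lidsadm -S -- +LIDS`; again, verify the exact switch names for your version. Second, the subject rule refers to the httpd binary as a file on disk, so after any upgrade of httpd re-run the rule load and `lidsadm -U`, then check with `lidsadm -L` that rule 3 still names the new binary, or the daemon will lose its read access to the content directory.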