Did you have some particular kind of security check in mind, or were you interested in security overall?
For security overall (and security does have have to be done over all) there is excellent material on Internet. Start with CERT or CIAC. For Web specific security see 'http://www.w3.org/Security/FAQ' for "The WWW Security FAQ". More specifically, it would be nice to have a script that would read the httpd.conf file to figure out where all the components exist, then go through and check ownerships and permissions to see that CGI files weren't world writeable, etc. Probably would need to specify some kind or level of security policy. Has anyone tried anything like that? === JJ ============================================================= On 10 Dec 2001 [EMAIL PROTECTED] wrote: > Hi, > > Does anyone know if there is any way of runnig a security check > (locally) on a Apache server with mod_ssl ? > > I am perhaps a bit too paranoid but I use the Win32 port and I have respect > for this environment.. > > Perhaps there exists a tool that can be run locally that performs some > basic tests ? > > Regards > Gudmund B > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
