Re: Re: Security Checker

[Gudmund Berggren]

Hi,   I was aiming at your second and third area. Good points. One additional topic would be to check for intrusion protection in general with a library of known methods and bugs etc Since the server is in my case running on Windows environment, the intrusion protection issue feels rather important... /// Gudmund   > -----Ursprungligt meddelande----- > Fr�n: J. Johnson [mailto:[EMAIL PROTECTED]] > Skickat: den 11 december 2001 07:43 > Till: [EMAIL PROTECTED] > Kopia: [EMAIL PROTECTED] > �mne: Re: Security Checker? > > > Did you have some particular kind of security check in mind, > or were you interested in security overall? > > For security overall (and security does have have to be done > over all) > there is excellent material on Internet. Start with CERT or > CIAC. For Web specific security see > 'http://www.w3.org/Security/FAQ' for "The WWW > Security FAQ". > > > More specifically, it would be nice to have a script that > would read the httpd.conf file to figure out where all the > components exist, then go through and check ownerships and > permissions to see that CGI files weren't world writeable, > etc. Probably would need to specify some kind or level of > security policy. Has anyone tried anything like that? > > === JJ ============================================================= > > On 10 Dec 2001 [EMAIL PROTECTED] wrote: > > > Hi, > > > > Does anyone know if there is any way of runnig a security check > > (locally) on a Apache server with mod_ssl ? > > > > I am perhaps a bit too paranoid but I use the Win32 port and I have > > respect for this environment.. > > > > Perhaps there exists a tool that can be run locally that > performs some > > basic tests ? > > > > Regards > > Gudmund B > > > > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > > User Support Mailing List > [EMAIL PROTECTED] > > Automated List Manager > [EMAIL PROTECTED] > > > > >