I too am interested in this topic. Is there anything out there that does these kinds of checks? Anyone writing or want to write such a thing? I'd sure be interested in contributing to such a project were it necessary.
Lajos Gudmund Berggren wrote: > Hi, > > > > I was aiming at your second and third area. Good points. > One additional topic would be to check for intrusion protection in > general with a library > > of known methods and bugs etc > > > Since the server is in my case running on Windows environment, the > intrusion protection issue feels > > rather important... > > > /// Gudmund > > > > > -----Ursprungligt meddelande----- > > > Fr�n: J. Johnson [mailto:[EMAIL PROTECTED]] > > > Skickat: den 11 december 2001 07:43 > > > Till: [EMAIL PROTECTED] > > > Kopia: [EMAIL PROTECTED] > > > �mne: Re: Security Checker? > > > > > > > > > Did you have some particular kind of security check in mind, > > > or were you interested in security overall? > > > > > > For security overall (and security does have have to be done > > > over all) > > > there is excellent material on Internet. Start with CERT or > > > CIAC. For Web specific security see > > > 'http://www.w3.org/Security/FAQ' for "The WWW > Security FAQ". > > > > > > > > > More specifically, it would be nice to have a script that > > > would read the httpd.conf file to figure out where all the > > > components exist, then go through and check ownerships and > > > permissions to see that CGI files weren't world writeable, > > > etc. Probably would need to specify some kind or level of > > > security policy. Has anyone tried anything like that? > > > > > > === JJ ============================================================= > > > > > > On 10 Dec 2001 [EMAIL PROTECTED] wrote: > > > > > > > Hi, > > > > > > > > Does anyone know if there is any way of runnig a security check > > > > (locally) on a Apache server with mod_ssl ? > > > > > > > > I am perhaps a bit too paranoid but I use the Win32 port and I have > > > > respect for this environment.. > > > > > > > > Perhaps there exists a tool that can be run locally that > > > performs some > > > > basic tests ? > > > > > > > > Regards > > > > Gudmund B > > > > > > > > > > > > > > > ______________________________________________________________________ > > > > Apache Interface to OpenSSL (mod_ssl) > > > www.modssl.org > > > > User Support Mailing List > > > [EMAIL PROTECTED] > > > > Automated List Manager > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
