On Wed, 12 Dec 2001, Lajos Moczar wrote:

> I too am interested in this topic. Is there anything out there that does
> these kinds of checks? Anyone writing or want to write such a thing? I'd
> sure be interested in contributing to such a project were it necessary.
If I had the time I'd write one (fun!). Of course, something that checks permissions, etc., is very OS specific, so my product would be Unix, whereas Gudmund wants Windows. But the basic approach would be the same.

I'd start out with a statement of the purpose. "Security checker" is just too broad and slippery! But something like "scan conf file to get directories, then scan directories to find world writeable files" is a concept clear enough that it seems readily reducible to "a simple matter of programming". Once something like that is working, it's straightforward to add more features, or to make the checks more sophisticated.

Check Lincoln Stein's "WWW Security FAQ" site (or his book) for more things to check. Or Garfinkel and Spafford's "Practical Unix & Internet Security".

A similar security project would be checking CGI scripts. E.g.: Are 'bad' system calls used? Are Perl scripts run with tainting? Etc.

=== JJ =============================================================

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
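
The check named in the message above ("scan conf file to get directories, then scan directories to find world writeable files"), as an added example that is not part of the original post. It assumes a Unix host and a single Apache-style configuration file; the directive list and the function names are choices made for this example.

```python
import os, re, shlex, stat, sys

# Directive -> index of the argument holding a filesystem path (this example's own list).
PATH_ARG = {"serverroot": 0, "documentroot": 0, "alias": 1, "scriptalias": 1}
DIRECTORY_SECTION = re.compile(r"<Directory\s+(.+?)>", re.I)

def conf_directories(conf_text):
    """Return the absolute directories named in Apache-style config text."""
    dirs = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        section = DIRECTORY_SECTION.match(line)
        if section:
            path = section.group(1).strip().strip('"')
        else:
            try:
                parts = shlex.split(line)
            except ValueError:          # unbalanced quotes: not a line we can use
                continue
            idx = PATH_ARG.get(parts[0].lower()) if parts else None
            if idx is None or len(parts) < idx + 2:
                continue
            path = parts[idx + 1]
        path = os.path.normpath(path)
        # Relative paths and regex sections (<Directory ~ ...>) are skipped.
        if os.path.isabs(path) and path not in dirs:
            dirs.append(path)
    return dirs

def world_writable(dirs):
    """Walk each directory; return paths whose mode has the other-write bit."""
    hits = set()
    for top in dirs:
        for root, _subdirs, files in os.walk(top):
            for path in [root] + [os.path.join(root, f) for f in files]:
                try:
                    st = os.lstat(path)
                except OSError:         # vanished or unreadable: skip
                    continue
                # Symlinks always report mode 0777 on Linux, so ignore them.
                if not stat.S_ISLNK(st.st_mode) and st.st_mode & stat.S_IWOTH:
                    hits.add(path)
    return sorted(hits)

if __name__ == "__main__":
    with open(sys.argv[1]) as fh:       # path to the server's configuration file
        for hit in world_writable(conf_directories(fh.read())):
            print(hit)
```

Directories that are world-writable with the sticky bit set are reported like any other hit.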
