[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Server hacked - next...?

On Sun, 29 Jun 2003 17:12, Jason Lim wrote:
> The box is a very recently updated "stable" box... virtually every other
> date apt-get is update/upgrade.
> The box is setup very secure... the usual things were done... like
> ensuring no unused services are running and things like that.
> So does that mean "stable" is actually vulnerable to something we all
> don't know about???

That could be the case.

Or it could be some issue of your configuration.  Maybe you have Apache set to 
run customer cgi-bin scripts under the same UID and a customer uploaded an 
insecure or hostile cgi-bin script.

Have you considered using SE Linux?

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: