Re: Advice needed, trying to find the vulnerable code on Debian webserver.

To: debian-security@lists.debian.org
Subject: Re: Advice needed, trying to find the vulnerable code on Debian webserver.
From: Richard Atterer <richard@list04.atterer.net>
Date: Wed, 16 Jun 2004 12:04:44 +0200
Message-id: <[🔎] 20040616100444.GA3612@fluff>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] D03D875AFA05D34C98F1B0DBB71C3DBA6E1B33@hermes.powerserve.lan>
References: <[🔎] D03D875AFA05D34C98F1B0DBB71C3DBA6E1B33@hermes.powerserve.lan>

You could also try installing snoopy, which logs all commands executed by 
users to auth.log. Then look for unusual commands executed by user 
"www-data" if you suspect insecure PHP scripts etc.

Cheers,

  Richard

-- 
  __   _
  |_) /|  Richard Atterer     |  GnuPG key:
  | \/¯|  http://atterer.net  |  0x888354F7
  ¯ '` ¯

Reply to:

References:
- RE: Advice needed, trying to find the vulnerable code on Debian webserver.
  - From: "Ross Tsolakidis" <Ross.Tsolakidis@day3.com.au>

Prev by Date: Re: Advice needed, trying to find the vulnerable code on Debian webserver.
Next by Date: IPSec tunnels with isakmpd
Previous by thread: Re: Advice needed, trying to find the vulnerable code on Debian webserver.
Next by thread: RE: Advice needed, trying to find the vulnerable code on Debian webserver.
Index(es):
- Date
- Thread