Re: Advice needed, trying to find the vulnerable code on Debian webserver.

[Steve Kemp <skx@debian.org>]

On Wed, Jun 16, 2004 at 11:44:17AM -0500, Micah Anderson wrote:
> > > 
> > > Install some rules for it to harden your webserver, see if anything is 
> > > flagged in the security log.
> > 
> > other web server testing tools
> > 	http://www.linux-sec.net/Web/#Testing
> 
> Has anyone actually used any of these to find the vulnerabilities that
> are being discussed? 

  Not personally, I've used snort and some other custom logging code 
 to find exploit attempts in real time though.

  Can you tell us what CGI apps are installed upon the box?  Or
 do the access logs should anything suspicious?  It's clear that
 Apache is the route into the system if you have files owned by
 www-data - maybe mounting /tmp noexec would help?

  (note: mounting /tmp noexec breaks apt often).

  
Steve
--
# The Debian Security Audit Project.
http://www.debian.org/security/audit