Re: Apache 1.3.33 (from sarge) and mod_chroot

To: Krzysztof J??wiak <ziutus@ziutus.com>
Cc: debian-security@lists.debian.org
Subject: Re: Apache 1.3.33 (from sarge) and mod_chroot
From: Steve Kemp <skx@debian.org>
Date: Thu, 24 Mar 2005 07:51:16 +0000
Message-id: <[🔎] 20050324075116.GA16749@steve.org.uk>
Reply-to: Steve Kemp <skx@debian.org>
In-reply-to: <[🔎] 42425EA7.3090503@ziutus.com>
References: <[🔎] 42425EA7.3090503@ziutus.com>

On Thu, Mar 24, 2005 at 07:31:03AM +0100, Krzysztof J??wiak wrote:

> My web server was hacked a few days ago and I decided to install some 
> new program and modules which improve security.

  Good plan.

  Did you find the source of the attack?  If not you're at risk from
 a repeat of the previous one ..

> I find in sarge libapache-mod-chroot which chroot apache (and it work 
> fine) but I can't send mail from php.
> I installed ssmtp in chroot (I think so) in chroot environment but it 
> doesn't help :(

  I can't help you there, but I would suggest you look at mod-security,
 you can find it in Sarge.

  The homepage has lots of documentation, and it includes chroot
 functionality:

	http://www.modsecurity.org/

  There's a brief introduction here:

	http://www.debian-administration.org/?article=65

Steve
--

Reply to:

References:
- Apache 1.3.33 (from sarge) and mod_chroot
  - From: Krzysztof Jóźwiak <ziutus@ziutus.com>

Prev by Date: Re: Apache 1.3.33 (from sarge) and mod_chroot
Next by Date: Automating security updates
Previous by thread: Re: Apache 1.3.33 (from sarge) and mod_chroot
Next by thread: Re: Apache 1.3.33 (from sarge) and mod_chroot
Index(es):
- Date
- Thread