[GLLUG] apache security, file permissions and screen settings

Matt Graham danceswithcrows at usa.net
Fri Dec 5 18:13:12 EST 2003


On Friday 05 December 2003 11:03, after a long battle with technology, 
Seth Bembeneck wrote:
> I just checked my apache log and saw these entrees:

You have entrées in your logfiles?  C'est bon; vous pourrez manger votre 
fiches!

> 68.113.22.41 - - [04/Dec/2003:23:32:57 +0000] "GET
> /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 392 "-" "-"
[snip]
> Looks to me like someone trying to access my system, am I right?

Well, yeah, the access_log file keeps a record of all the documents 
requested from the Apache webserver.  This is some sort of Windows 
worm, and no Apache running on Linux is vulnerable to this particular 
worm, so I wouldn't worry about these particular requests.

> This made me start to question how secure my system is.
> Can anyone give any steps on how to make sure it is secure?

0. Unplug machine.
1. Discharge firearms at motherboard.

...There is no such thing as a totally secure machine.  If it's 
accessible over the network, a Real Hacker can find a way in given 
enough time.  Fortunately, Real Hackers generally have more 
constructive things to do, and script kiddies, worms, and trojans cause 
most of the real trouble.

You can minimize vulnerabilities by:

0. Turning off all unneeded services
1. Using ssh and scp instead of telnet and ftp
2. Keeping your software up to date--most distros release security 
updates for various packages regularly
3. Using nmap and ethereal to check out your own system and see if you 
see anything suspicious
4. Subscribing to some of the mailing lists about security on Bugtraq or 
SecurityFocus--careful, some of these could be high-traffic or more 
technical than you'd like
5. Using Tripwire or an equivalent piece of software that'll detect 
unauthorized changes in executable files

> Any tests that can be run?

"chkrootkit" is quite useful if you think you might have a rootkit on 
your machine.  

> Second: File permissions (probably could also go under number 1):
> What should the permissions be for the /var/www/localhost/cgi-bin
> folder?

The user apache is running as must be able to access the directory, so 
it probably needs to be 0755.

> For the scripts inside the folder?

They probably need the execute bit set.

> I just got an LCD monitor. How do I change the resolution and refresh
> rate for the x server?

LCDs behave as if they had a Vrefresh of 60 Hz.  They have one native 
resolution, which you typically want to use since everything else will 
look fuzzy.  However, if you want to run at a resolution different from 
the LCD's native resolution, you may have to change the Hsync and Vsync 
ranges to values far in excess of what the LCD can really do.  (No 
joke; I had to do that on my Thinkpad A22p to get it to work at 
anything other than 1600x1200.)  This doesn't harm the LCD or the 
graphics chipset; the days of the killer poke are long gone.

You can edit your /etc/X11/XF86Config file directly and change the 
values in the Monitor section to something else manually.  There's also 
an interactive tool called xvidtune that might help for generating 
modelines, but it shouldn't be necessary with X's better grasp of DDC 
now.

> For all of the above, I'm using Gentoo as my OS.

Excellent choice :-) .

-- 
  *** Hire me!  http://crow202.dyndns.org/~mhgraham/resume/
   Hope is gone and she confessed / When you lay your dreams to rest
   You can get what's second best / But it's hard to get enough...
      --David Wilcox, "Eye of the Hurricane"
There is no Darkness in Eternity/But only Light too dim for us to see
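
Added example (not part of the original post): a small Python triage of access_log lines like the one quoted above. It percent-decodes the request path repeatedly, because `%255c` only becomes a backslash after two rounds, then flags `..` path segments and reports whether the request was actually served. The second sample line is constructed, and the function names are this example's own.

```python
import re
from urllib.parse import unquote

# Apache common/combined log format: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: \S+)?" (?P<status>\d{3}) \S+'
)
# ".." as a whole path segment, with either slash style as the separator.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')
MAX_ROUNDS = 5  # bound the decode loop

def fully_decode(path):
    """Percent-decode until the string stops changing; return (text, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(path, errors="replace")
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def classify(line):
    """Return a dict describing one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    decoded, rounds = fully_decode(m["target"].split("?", 1)[0])
    reasons = []
    if TRAVERSAL_RE.search(decoded):
        reasons.append("traversal")
    if rounds > 1:
        reasons.append("multi-encoded")
    if re.search(r'[\\/]cmd\.exe$', decoded, re.IGNORECASE):
        reasons.append("cmd.exe")
    return {"host": m["host"], "decoded": decoded, "reasons": reasons,
            "served": m["status"].startswith("2")}

SAMPLE = [
    # Line quoted in the post, rejoined onto one line.
    '68.113.22.41 - - [04/Dec/2003:23:32:57 +0000] "GET /_mem_bin/..%255c../'
    '..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 392 "-" "-"',
    # Constructed benign request for comparison.
    '192.0.2.10 - - [04/Dec/2003:23:40:01 +0000] "GET /docs/a%20b.html HTTP/1.1" '
    '200 1024 "-" "-"',
]

if __name__ == "__main__":
    for entry in map(classify, SAMPLE):
        print(entry["host"], entry["served"], entry["reasons"], entry["decoded"])
```

A flagged line with `served` false, like the 404 above, is a probe that found nothing; a flagged line with a 2xx status is the one to investigate.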