[GLLUG] apache security, file permissions and screen settings
Robert G. Brown
bob at whizdomsoft.com
Fri Dec 5 19:36:21 EST 2003
On Fri, 05 Dec 2003 18:13:12 -0500, Matt Graham <danceswithcrows at usa.net> wrote:
>On Friday 05 December 2003 11:03, after a long battle with technology,
>Seth Bembeneck wrote:
>> I just checked my apache log and saw these entrees:
>You have entrées in your logfiles? That's good; you will be able to eat your
>files!
No need to make fun of him over this one forum typo!
>> 68.113.22.41 - - [04/Dec/2003:23:32:57 +0000] "GET
>> /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
>> HTTP/1.0" 404 392 "-" "-"
>[snip]
>> Looks to me like some one trying to access my system, am I right?
>Well, yeah, the access_log file keeps a record of all the documents
>requested from the Apache webserver. This is some sort of Windows
>worm, and no Apache running on Linux is vulnerable to this particular
>worm, so I wouldn't worry about these particular requests.
The only problem that I have had as a result of these kinds of events is
that my error logs get flooded with resulting "Page Not Found" type events,
which motivated me to do SOMETHING about them...
AliasMatch ^/_mem_bin/* /var/www/html/script-trap/index.html
AliasMatch ^/_vti_cnf/* /var/www/html/script-trap/index.html
Some of the noise requests I had been getting had fragments that I didn't
use, like "mem_bin" and "_vti_cnf"; the above lines cause a small, static
page (smaller than the Apache-generated error page) to be served up in
response. The events are still logged, but I don't send out as much, and
my logs are kept cleaner. I have a lot more lines than the above, and I
encourage you to come up with your own, for the requests that bother you.
>> This made me start to question how secure my system is.
>> Can any one give any steps on how to make sure it is secure?
>
>0. Unplug machine.
>1. Discharge firearms at motherboard.
While these steps are answers to the question, they are a bit extreme, and
have undesired side-effects. I appreciate the spirit of the answer, but have
a rough time endorsing it.
:)
>...There is no such thing as a totally secure machine....
All agreed. However, Apache and other (OSS) webservers are under continuous
examination, review, and improvement. This is a process in which we all can
participate; if you see an exploit, report it to the developers!
>You can minimize vulnerabilities by:
[list elided, see original for this text]
All good points!
Regards,
---> RGB <---
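
An added example, not part of the original post: a Python sketch that scans access_log lines for the kind of request quoted above, decoding the path repeatedly because %255c only becomes a backslash after two rounds of percent-decoding. Every sample line except the first, along with the function names and reason labels, is constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines; the first reproduces the request quoted in the thread.
SAMPLE_LOG = [
    '68.113.22.41 - - [04/Dec/2003:23:32:57 +0000] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 392 "-" "-"',
    '192.0.2.10 - - [04/Dec/2003:23:40:01 +0000] "GET /_vti_cnf/index.html HTTP/1.0" 404 290 "-" "-"',
    '192.0.2.11 - - [04/Dec/2003:23:41:12 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [04/Dec/2003:23:42:30 +0000] "GET /docs/a%2520b.html HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
NOISE_PREFIXES = ("/_mem_bin/", "/_vti_cnf/")  # the two fragments named in the post

def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly; return (decoded, rounds_that_changed_it)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def classify(line):
    """Return (client, reasons) for one access_log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, _method, target, _status = m.groups()
    decoded, rounds = fully_decode(target)
    reasons = []
    if target.startswith(NOISE_PREFIXES):
        reasons.append("noise-prefix")
    # Traversal that only appears after a second decode is the worm's signature.
    if rounds > 1 and re.search(r"\.\.[\\/]", decoded):
        reasons.append("double-encoded-traversal")
    if "cmd.exe" in decoded.lower():
        reasons.append("windows-shell-probe")
    return client, reasons

def summarize(lines):
    """Map each client to the sorted set of reasons its requests triggered."""
    hits = {}
    for line in lines:
        result = classify(line)
        if result and result[1]:
            hits.setdefault(result[0], set()).update(result[1])
    return {client: sorted(r) for client, r in hits.items()}
```

Calling summarize(SAMPLE_LOG) reports only the two probing clients; the last sample line is double-encoded but harmless, so it is not flagged.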