httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Sjögren <tho...@northernsecurity.net>
Subject [PATCH] security_tips.html
Date Thu, 11 Jul 2002 15:34:51 GMT
I updated the Security Tips page with some information about the 
importance of watching the logs.

Ps. Sorry for sending the wrong type of patch format last time.

Index: ./httpd-docs-2.0/manual/misc/security_tips.html
===================================================================
RCS file: 
/home/cvspublic/httpd-2.0/docs/manual/misc/security_tips.html,v
retrieving revision 1.28
diff -u -r1.28 security_tips.html
--- ./httpd-docs-2.0/manual/misc/security_tips.html     19 Jan 2002 
17:44:08 -0000      1.28
+++ ./httpd-docs-2.0/manual/misc/security_tips.html     11 Jul 2002 
15:26:58 -0000
@@ -31,6 +31,8 @@
 
       <li><a href="#protectserverfiles">Protect Server Files by
       Default</a></li>
+
+      <li><a href="#watchyourlogs">Watching Your Logs</a></li>
     </ul>
     <hr />
 
@@ -278,6 +280,30 @@
     </dl>
     <hr />
 
+    <h2><a id="watchyourlogs" name="watchyourlogs">
+    Watching Your Logs</a></h2>
+
+    <p>To keep up-to-date with what is actually going on against your 
server
+    you have to check the <a href="../logs.html">Log Files</a>.
+    Even though the log files only reports what has already happend, 
they will give
+    you some understanding of what attacks is thrown against the server
+    and allows you to check if the necessary level of security is 
present on your server.</p>
+
+    <p>A couple of examples:</p>
+   <ol>
+   <li><samp>grep -c "/jsp/source.jsp?/jsp/ /jsp/source.jsp??" 
access_log</samp></li>
+   <li><samp>grep "client denied" error_log | tail -n 10 </samp></li>
+    </ol>
+
+   <p>The first example will list the number of attacks trying to 
exploit the
+   <a href="http://online.securityfocus.com/bid/4876/info/">Apache 
Tomcat Source.JSP  Malformed
+   Request Information Disclosure Vulnerability</a>, the second 
example will list the ten last denied clients, for example:</p>
+
+  <dl>
+  <dd><samp>[Thu Jul 11 17:18:39 2002] [error] [client foo.bar.com] 
client denied by server configuration: 
/usr/local/apache/htdocs/.htpasswd</samp></dd>
+  </dl>
+
+   <hr />
     <p>Please send any other useful security tips to The Apache
     Group by filling out a <a href="http://bugs.apache.org/">
     problem report</a>. If you are confident you have found a
@@ -288,4 +314,5 @@
     <p><!--#include virtual="footer.html" --></p>
   </body>
 </html>
+

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message