httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Saqib.N....@seagate.com
Subject RE: [users@httpd] dynamic vs static module - security issues
Date Fri, 07 Mar 2003 00:21:45 GMT

Hi Kevin,

Thanks for th URL. It is very interesting. I would like find out how many
large sites are using MONIT in production? Their site doesn't have any info
on that.

In Peace,
Saqib Ali
"I fear, if I rebel against my Lord, the retribution of an Awful Day (The
Day of Resurrection)" Al-Quran 6:15
http://www.seagate.cc/blog/


|---------+--------------------------->
|         |           "Kevin Robert   |
|         |           Casey"          |
|         |           <krc@inetwebz.co|
|         |           m>              |
|         |           No Phone Info   |
|         |           Available       |
|         |                           |
|         |           03/06/2003 04:14|
|         |           PM              |
|         |           Please respond  |
|         |           to users        |
|         |                           |
|---------+--------------------------->
  >----------------------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                      
                                                       |
  |        To:      <users@httpd.apache.org>                                       
                                                             |
  |        cc:                                                                           
                                                       |
  |        Subject: RE: [users@httpd] dynamic vs static module - security issues         
                                                       |
  >----------------------------------------------------------------------------------------------------------------------------------------------|




> Frankly though if your machine is compromised there are a lot of other
> things the bad guys are going to do rather than adding a re-written
apache
> module. You probably want to worry more about kernel modules and root
> kits. A good practice (if this type of thing concerns you and it should)
> is to use something like Tripwire or Aide or even a home grown data base
> of crypto graphic hashes of key files (inluding modules, kernel or
apache)
> and compare hashes on some regular basis.

at the risk of plugging something, i'd recommend using monit
(http://www.tildeslash.com/monit).  not only can restart services that die
for whatever reason, it can perform checksum comparisons.  you can set it
to
compare a hardcoded checksum in the config file, or it will calculate it at
startup and continually compare it to that value.

just my two cents.
kevin


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org







---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message