httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aman Raheja <arah...@techquotes.com>
Subject Re: [users@httpd] security procedures question
Date Thu, 02 Dec 2004 14:45:29 GMT
Do a find (rather than ls) on the server for finding 777 files and also 
files that have suid set... make sure they are required to be the way 
they are.
777 could be sec problems depending on many factors oh how the webserver 
is operating - can users right across the different websites (if more 
than one running). Sometimes, the users are not malicious but you have 
to protect against accidents.
Aman Raheja

Andy Firman wrote:

>If you were to take on the responsibility of managing an 
>existing Apache server, with not documentation, but full
>root access vis ssh, what kind of things would you do on the 
>box to check for security problems in regards to Apache?
>
>The first thing I can think of is to do something like this:
>/root:# ls -Ral /wwwroot |grep rwxrwxrwx |less
>
>Now, if you do find any directories/files that are 777,
>is that a major security problem?
>
>Comments?
>
>Andy
>  
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message