Randall A Sindlinger on 31 Jan 2011 13:21:52 -0800



Re: [PLUG] apache security


Just some quick thoughts off the top of my head -

On Mon, Jan 31, 2011 at 03:36:48PM -0500, Mike Sheinberg wrote:
> 
> I am tasked with rebuilding a LAMP web-server that previously had security
> issues. The problem is there is a lot of php code and frankly it's a bit
> daunting to pore over it all and try to sanitize it 100% before putting the
> server live again. I don't think it's all bad code but some of the forms are
> definitely suspect as I sift through it.

First off, make sure you're using the latest version of PHP, and make sure 
the scripts are all using that, too (if you have multiple versions installed).
PHP gets a lot of patches, most of them security-related, so that should be 
the very first line of defense.

> I just want to make the assumption that
> even if I scrape all the code that something insecure will make it through.

Unless you're used to doing security audits on code, I think that's a reasonable
assumption.

I think most distros include only the PHP modules that have active development,
thus are being actively patched.  Any script that requires a non-distro PHP
module probably has a greater chance of having a flaw, and I'd think is worth
scrapping.

Also, sit for a moment and assume the machine gets compromised again.  What
does the machine have or have access to that it shouldn't, but does just because
it makes running it easy?  Does it mount everyone's home directories, even
though it only needs to run code out of one or two?  Fix that - set the mount
points deeper down so you only mount what's used or needed.  Does the system
let you sudo?  Why?  Does it allow remote root login with a password?  Why?  
Can you run curl, wget, any kind of ftp command on it?  Why?  Those are common 
script-kiddie methods of pulling exploit code onto your machine.  And on and on...
you get the idea.

-Randall
--
  Randall Sindlinger
  Systems Programmer, CETS
  School of Engineering and Applied Science
  University of Pennsylvania
  
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
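The "assume it gets compromised again and ask why it has each thing" walk-through in Randall's reply can be turned into a read-only audit. The script below is an added example for this archive page, not code from the thread or from PLUG; the config paths (/etc/ssh/sshd_config, /etc/sudoers, /etc/fstab), the list of download tools, and the /home scope are assumptions to adjust for your distro. Each check is a function that takes a file or path argument, so it can be run against copies of the files as well as the live box.

```shell
#!/bin/sh
# Added example (not from the original thread): a read-only audit of the
# "why does this machine have it?" items from the post. All paths and
# tool names below are assumptions; adjust them for your system.

# Does the sshd config at $1 allow root to log in with a password?
# Prints "yes" when PermitRootLogin is "yes" or absent (the historical
# default allowed it), "no" for no/prohibit-password/without-password.
root_password_login() {
    cfg="${1:-/etc/ssh/sshd_config}"
    val=""
    if [ -r "$cfg" ]; then
        val=$(grep -iE '^[[:space:]]*PermitRootLogin[[:space:]]' "$cfg" \
              | tail -n 1 | awk '{print tolower($2)}')
    fi
    case "$val" in
        no|prohibit-password|without-password) echo "no" ;;
        *) echo "yes" ;;
    esac
}

# List the download tools named in the post that exist on a colon-separated
# search path ($1, default $PATH). Each one present is a "why?" to answer.
download_tools_present() {
    search="${1:-$PATH}"
    found=""
    for tool in curl wget ftp tftp ncftp; do
        oldifs=$IFS; IFS=:
        for dir in $search; do
            if [ -x "$dir/$tool" ]; then
                found="$found $tool"
                break
            fi
        done
        IFS=$oldifs
    done
    echo "${found# }"
}

# Count uncommented sudoers rules ($1, default /etc/sudoers) that grant
# everything without a password, e.g. "www-data ALL=(ALL) NOPASSWD: ALL".
nopasswd_all_rules() {
    f="${1:-/etc/sudoers}"
    if [ -r "$f" ]; then
        grep -vE '^[[:space:]]*#' "$f" \
            | grep -cE 'NOPASSWD:[[:space:]]*ALL[[:space:]]*$' || true
    else
        echo 0
    fi
}

# Print nfs/cifs mount points from an fstab-style file ($1, default
# /etc/fstab) that are the scope directory ($2, default /home) or a parent
# of it, i.e. mounts that expose more of a shared tree than the web root
# needs. The fix from the post is to mount deeper, only what is used.
broad_network_mounts() {
    f="${1:-/etc/fstab}"
    scope="${2:-/home}"
    [ -r "$f" ] || return 0
    awk -v scope="$scope" '
        $0 !~ /^[[:space:]]*#/ && NF >= 3 && $3 ~ /^(nfs|nfs4|cifs)$/ {
            mp = $2
            # the mount point is the scope itself, or scope lies under it
            if (mp == scope || index(scope, mp "/") == 1) print mp
        }' "$f"
}

# Run every check against the live system with the default paths.
audit_report() {
    echo "sshd permits root password login : $(root_password_login)"
    echo "download tools on PATH           : $(download_tools_present)"
    echo "sudoers NOPASSWD ALL rules       : $(nopasswd_all_rules)"
    echo "nfs/cifs mounts covering /home   : $(broad_network_mounts | tr '\n' ' ')"
}

audit_report
```

Every line in the report is a question, not a verdict: a "yes" for root password login or a non-empty tool list is exactly the "Why?" Randall asks, and the answer is either a documented need or a setting to change before the server goes live again.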