[Leaplist] Security Audit Advice
Randall Perry
randallp at hcrn.info
Sat Dec 15 04:15:53 GMT 2007
On 12/14/07, Aaron Morrison <ae4ko at amsat.org> wrote:
> Oh yeah, this is a colocated Linux box[en] running web services.

So do you get a shell account for testing too, or just brute force and
port scanning?

For a complete audit, you need higher access than just an nmap port scan.

Look through passwd to see what accounts are allowed login access.

Check the sshd config file for which protocols are supported, what kind of
authentication, root access, etc.

Check the PHP version and what all is configured, like php globals, funky
modules, etc. (just upload a phpinfo string in a file and look at the
feedback).

Type/version of webserver with what modules loaded (and cgi limits).

Directory security, file security for hosted files.

Log level and reporting to uncover events (like coordinated attacks
against the box).

What other services are running (like FTP) that could be better served by scp?

If you have to have ports open, consider port-knocking to lock that
box out (well, except for 80 and 443).

Kernel patches, updates, check other running services that might be
exploited or cause other issues.
--
*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.
Randall Perry
Hope Crisis Response Network
www.hcrn.info
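
Added example, not part of the original post: a shell sketch of the passwd and sshd config checks from the list above, run with the shell access the post asks about. The function names, the WARN/OK/UNSET labels, the choice of which values to flag, and the sample files are assumptions made for illustration; `Include` directives and `Keyword=value` lines are not handled.

```shell
# Added example. Sample files written by make_samples are constructed.
# Accounts whose shell allows login; EXTRA-UID0 marks non-root UID 0 accounts.
login_accounts() {
    awk -F: '$1 ~ /^[ \t]*(#|$)/ { next }
        $7 !~ /\/(nologin|false)$/ {
            flag = ($3 == 0 && $1 != "root") ? " EXTRA-UID0" : ""
            print $1, $3, ($7 == "" ? "(empty)" : $7) flag
        }' "${1:-/etc/passwd}"
}

# Global sshd_config value: keyword case-insensitive, first one wins, no Match.
sshd_value() {
    awk -v key="$1" '$1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "${2:-/etc/ssh/sshd_config}"
}

# One finding per line for the sshd settings the post says to check.
audit_sshd() {
    for kw in Protocol PermitRootLogin PasswordAuthentication; do
        v=$(sshd_value "$kw" "$1")
        case "$kw:$v" in
            *:) s=UNSET ;;
            Protocol:*1*|PermitRootLogin:yes|PasswordAuthentication:yes) s=WARN ;;
            *) s=OK ;;
        esac
        echo "$s $kw ${v:-default}"
    done
}

make_samples() {  # constructed passwd and sshd_config, written into dir $1
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
webadmin:x:1001:1001::/home/webadmin:/bin/bash
toor:x:0:0::/root:/bin/sh
EOF
    cat > "$1/sshd_config" <<'EOF'
Protocol 2,1
permitrootlogin yes
PermitRootLogin no
Match User webadmin
    PasswordAuthentication yes
EOF
}

if [ "${1:-}" = demo ]; then
    d=$(mktemp -d); make_samples "$d"; login_accounts "$d/passwd"; audit_sshd "$d/sshd_config"
fi
```

Run with the argument `demo` to see the output on the constructed files; called with no file argument, `login_accounts` and `audit_sshd` read `/etc/passwd` and `/etc/ssh/sshd_config`.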