[Leaplist] Security Audit Advice
Aaron Morrison
ae4ko at amsat.org
Sat Dec 15 04:29:00 GMT 2007
On 14 Dec 2007, at 23:15, Randall Perry wrote:
> On 12/14/07, Aaron Morrison <ae4ko at amsat.org> wrote:
>> Oh yeah, this is a colocated Linux box[en] running web services.
> So do you get a shell account for testing too, or just brute force and
> port scanning?
I'm requesting shell access.
>
> For a complete audit, you need higher access than just an nmap port
> scan.
> Look through passwd to see what accounts are allowed login access.
> Check sshd config file for which protocols supported, what kind of
> authentication, root access, etc.
> Check PHP version and what all is configured, like php globals, funky
> modules, etc. (just upload a phpinfo string in a file and look at
> feedback).
> type/version of webserver with what modules loaded. (and cgi limits)
> Directory security, file security for hosted files.
> Log level and reporting to uncover events (like coordinated attacks
> against box).
> What other services are running (like FTP) that could be better
> served by scp?
> If you have to have ports open, consider port-knocking to lock that
> box out (well, except for 80 and 443).
> Kernel patches, updates, check other running services that might be
> exploited or cause other issues.
Good stuff. I've already thought about 95% of what you've posted (I've
intentionally left the question open to stimulate discussion and to
make sure I haven't left anything out).
Thanks Randall.
--am
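
The account and sshd checks from the quoted checklist, sketched as an added example that is not part of the original thread. The function names and the sample passwd and sshd_config text are constructed for illustration; on a real host you would pass in the contents of /etc/passwd and the sshd configuration file.

```python
# Added example; the sample data is constructed, not taken from a real host.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/usr/bin/false"}
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/sh
toor:x:0:0::/root:/bin/bash
"""
SAMPLE_SSHD = """\
# constructed sshd_config fragment
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
"""

def login_accounts(passwd_text):
    """Return (name, uid, shell) for entries whose shell allows interactive login."""
    accounts = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or fields[0].startswith("#"):
            continue  # skip blank, comment, or malformed lines
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        if shell not in NOLOGIN_SHELLS:  # an empty shell field means /bin/sh
            accounts.append((name, uid, shell))
    return accounts

def extra_uid0(accounts):
    """Names other than root that carry UID 0, i.e. full root privileges."""
    return [name for name, uid, _ in accounts if uid == 0 and name != "root"]

def sshd_findings(config_text):
    """Flag explicitly set weak options; Match blocks and defaults are not evaluated."""
    seen = {}
    for line in config_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            seen.setdefault(parts[0].lower(), parts[1].strip().lower())  # first value wins
    findings = []
    if "1" in seen.get("protocol", "").split(","):
        findings.append("SSH protocol 1 enabled")
    for key, msg in (("permitrootlogin", "direct root login allowed"),
                     ("passwordauthentication", "password authentication enabled")):
        if seen.get(key) == "yes":
            findings.append(msg)
    return findings

if __name__ == "__main__":
    accts = login_accounts(SAMPLE_PASSWD)
    print(accts, extra_uid0(accts), sshd_findings(SAMPLE_SSHD), sep="\n")
```

Only options set explicitly in the file are reported; an absent option falls back to the default of the installed OpenSSH version, which has to be checked separately.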