[Techtalk] Server was broken into ... what good tools are there to probe vulnerabilities?
Raven, corporate courtesan
raven at oneeyedcrow.net
Wed Nov 21 14:40:12 EST 2001
Quoth jennyw (Wed, Nov 21, 2001 at 09:54:24AM -0800):
> Except that my backups would be DNS Zones, MySQL database files, php files,
> html files, and images. I figure if I read through the zone files and php
> files I should be okay. Plus, the php files should execute as nobody anyway,
> so the damage would probably be limited, no?
You'd think. Check those PHP files. But getting nobody access
is usually pretty good, since a lot of programs now run as 'nobody'
rather than root by default. So the nobody account has more priviliges
than you'd think.
To really be safe, make it so that your daemon accounts can't
log in (unless you need them to for some reason). That way, folks can't
telnet in as "nobody" because "nobody" has no shell in /etc/passwd, or
something like that.
"I'm eating stealth cheese that may or may not be immortal?"
-- Danielle, on pizza and perpetuity
More information about the Techtalk