[Techtalk] Server was broken into ... what good tools are there to probe vulnerabilities?

[jennyw]

When you say privileges, do you mean file system privileges? Or just that it
gives access to a lot of running processes?

The only thing running as nobody on this system is httpd. Everything else is
running as root (yay!).

I'm not happy about this last, but sendmail is what they use for an mta, and
I believe it needs to run as root. I guess I should read a security book and
see how to set stuff to run as other users. So complicated ... all I want to
do is setup Web sites! And DNS. And IMAP. Okay, maybe I need to read up on
security a bit ...

Jen


----- Original Message -----
From: "Raven, corporate courtesan" <raven at oneeyedcrow.net>
To: <techtalk at linuxchix.org>
Sent: Wednesday, November 21, 2001 10:40 AM
Subject: Re: [Techtalk] Server was broken into ... what good tools are there
to probe vulnerabilities?


> Heya --
>
> Quoth jennyw (Wed, Nov 21, 2001 at 09:54:24AM -0800):
> > Except that my backups would be DNS Zones, MySQL database files, php
files,
> > html files, and images. I figure if I read through the zone files and
php
> > files I should be okay. Plus, the php files should execute as nobody
anyway,
> > so the damage would probably be limited, no?
>
> You'd think.  Check those PHP files.  But getting nobody access
> is usually pretty good, since a lot of programs now run as 'nobody'
> rather than root by default.  So the nobody account has more priviliges
> than you'd think.
>
> To really be safe, make it so that your daemon accounts can't
> log in (unless you need them to for some reason).  That way, folks can't
> telnet in as "nobody" because "nobody" has no shell in /etc/passwd, or
> something like that.
>
> Cheers,
> Raven
>
> "I'm eating stealth cheese that may or may not be immortal?"
>   -- Danielle, on pizza and perpetuity
>
> _______________________________________________
> Techtalk mailing list
> Techtalk at linuxchix.org
> http://www.linuxchix.org/mailman/listinfo/techtalk
>
>
>