Security :: Files Executed Via Apache?
Sep 2, 2010The actual file didn't exist. I am confident it came through a site but I am more curious what settings in apache affect the ability to do this?
View 2 Replies
ADVERTISEMENT
Security :: Log All The Commands Executed By Root ?
Aug 11, 2010I want to get a of log all the commands executed by the root user with the following details :
incoming ip
username (thru which su was executed)
time and date
all the commands executed as mentioned above.
Also if user has managed to login as root, he should not be able to disable / delete the above info. Can this info be collected at some other physical server ?
Security :: Monitoring Executed Commands?
Dec 15, 2010I've firewall machine customers connect on it then connect to one of another 3 machines as root through ssh key , is there any way to know which user connect to which machine and what command that he has executed without using script command ?
View 1 Replies View RelatedSecurity :: Call Access Out Side Chroot Jail Files From Apache?
Apr 2, 2010I have one requirement i.e I want to call the java file from the php function using shell_exec command , i am using the chroot jail concept , if i using this command i am getting the empty file because java environment is outside the chroot jail,so how to access the the files those are out side the chroot jail.
View 3 Replies View RelatedSecurity :: Permissions For Chown - Command Executed By Root Only
Feb 22, 2010Inspite of having 755 permissions on the chown command, it seems the command can be executed by the root only. I was under the impression that the 'x' permission for 'others' can give executable rights to the normal user too, which does not seem to be the case here. Just curious to know, if not the file perms itself, what controls the execution of the command?
View 6 Replies View RelatedSecurity :: Would A Windows Virus Executed In Wine Compromise The Whole System
Dec 22, 2010Would a Windows virus executed in Wine compromise the whole Linux system?
View 3 Replies View RelatedGeneral :: Security - Copy Password From Mono-executed KeePass2 To Xterm?
Apr 7, 2011I use KeePass2 to access username/password information in a Dropbox file. This allows convenient access from multiple devices. I can't seem to copy a password to the clipboard on my Linux 2.6.27.41-170.2.117.fc10.x86_64 system, however, in order to supply the password to a prompt in an xterm(1). I've tried both Ctrl+C/Ctrl+V and highlighting and mouse button 2 clicking. The KeePass2 program on the Linux system is executed by Mono.
How can I copy the password to the xterm(1)?
[Aside: I think we need a "KeePass" tag.]
Security :: Define An Appliance Based On Suse For An Application Server And Web Server Apache - Best Network And Security?
Feb 6, 2010We are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?
View 3 Replies View RelatedSecurity :: Apache SSO Using Mod_auth_remote?
Aug 18, 2010Has anyone used the mod_auth_remote module to delegate authentication? I have two apache2 servers. One is a content server and the other one is the sso/auth server. When the content server receives a request for a resource protected by basic authentication, the request is forwarded to the sso server for authentication. So far so good. But, the sso server should return a http 200 to the content server and granting access to the user. However, the sso server always returns a http 301 to the content server. So I appear to be stuck in an authentication loop.
Content server config:
<Directory /var/www/html/secure/>
AuthType Basic
AuthName "Content server"
AuthRemoteServer sso.intra
AuthRemotePort 80
AuthRemoteURL /auth
[Code]...
Or perhaps you have a better way of accomplishing apache sso across multiple servers?
Security :: URL (Not URI) In Apache Access Log?
Mar 6, 2010I happened to be looking at my Apache-2.2.8 log on an Ubuntu LTS 8.04.4 system, and noticed a few lines like this:
Code:
61.160.212.242 - - [06/Mar/2010:07:04:41 -0800] "GET http://218.30.115.246/ HTTP/1.1" 200 295 "-" "-"
61.160.212.242 - - [06/Mar/2010:07:05:29 -0800] "GET http://218.30.115.246/ HTTP/1.1" 200 295 "-" "-"
xxx.xxx.xxx.xxx - - [06/Mar/2010:07:56:15 -0800] "GET http://218.30.115.246/ HTTP/1.1" 400 290 "-" "-"
(The third line is me telnetting to the server and trying to issue the same request. Note that I got a 400 error response, while the guy coming from 61.160.212.242 got 200s. Also, if you just open the http://218.30.114.246/ URL, you get back "hello" (nothing else, just 5 characters). I'm presently putting together a bootable CD with chkrootkit to run on the machine. (I found a thread that mentioned in passing that this was related to PHP, which I have running on that Apache server, but my Google-fu isn't strong enough to track down the original thread.) (After checking with chkrootkit: nothing unusual found.)
Ubuntu Security :: Set Apache In Run Level 2?
Apr 6, 2010how can i make apache to run in runlevel2
View 1 Replies View RelatedUbuntu Security :: UFW Blocked IP In Apache Log?
Jun 7, 2011I've setup the Uncomplicated Firewall (UFW) on Ubuntu 10.04 LTS and blocked an IP address. UFW status shows that the firewall is active and the IP in question is denied. The issue is that I'm seeing the blocked IP address in my Apache logs.
View 1 Replies View RelatedFedora Security :: Apache: How To Autoindex With Mod_security
May 13, 2009Once the mod_security module gets loaded to apache, autoindexing stops to work. In a folder without index.html the server says: 403 Forbidden You don't have permission to access /TheFolder/ on this server. I was trying to find something to comment out in the /etc/httpd/modsecurity.d and in the modsecurity.conf files .. but couldnt find anything relevant. how to have mod_security on with haveing autoindexing on aswell?
View 3 Replies View RelatedUbuntu Security :: FTP User And Group To Apache?
Jun 13, 2010What would be the effect of setting ProFTPd's user and group to the same user and group that Apache use? Are there any security risks in doing this, or is this safe to do?
View 4 Replies View RelatedUbuntu Security :: Relation Between Apache & Squid?
Oct 3, 2010Lately i just installed Ubuntu 10.10 and get my Squid installed.It work much superior than Polipo for cache but i do not understand why i got Apache installed after i installed Squid.Is there any co-relation between Apache and Squid?Does it gonna make me run my own web server?
View 4 Replies View RelatedUbuntu Security :: File Permissions With Apache
Jul 6, 2011I know how to assign file permissions and other tasks like user to group, but I'm stuck with a situation in how I should set up my system.So I have a LAMP server set up. I'm not the only developer so I created a group called "developers" for my other users "Mike," "Alex," and "Cindy," which are developers (I'm Mike by the way). I know that "www-data" is the user and group Apache uses.This is good because only I have permission to update the production site, but for the dev site, it's a different story.
View 3 Replies View RelatedSecurity :: Apache In DMZ And Oracle In Local LAN - How To Communicate
May 21, 2010I will be setting up Apache web server in DMZ and Oracle web server (Windows) in LAN. The requirement is to allow logged in visitors to view / change their details via the web site. What is the best way to configure this. Is simply allowing web server's ip to communicate with oracle server's ip (and the oracle port) is secure enough or is there a way to do this more securely?
View 6 Replies View RelatedSecurity :: Crashing Apache Mass Connection?
Aug 29, 2010Basically, this is not the first time it happened, but the third I would say. My trouble and concern is with this massive downloading targeting a test file of mine/client file of mine. Since my server couldn't support that many connections child process spawns, my apache server crashed.
I managed to solve it by closing the client's account, preventing the attack from continuous download. Another way I could solve it was by replacing the file they attempted to attack with 0 byte file.
I'm wondering if there is a possible solution to prevent such issue in future. I'm also not very sure what kind of attack this is. Could it be DDOS? But from what I've asked, some said it wasn't DDOSed, if it was, my whole server would go down, not only apache.
What I was curious was how these attacker found out the files that were stored on the server. These files were not leaked outside, nor there could be a possibility to access that folder because it was protected by .htaccess which deny everyone.
Security :: Prevent Ddos Apache Attacks?
Jan 25, 2011recently my Apache server crashes very often; by watching the error log,I've notice several signs of intrusion.So, I think the problem can be a denial of service attack against my machine.My distribution is Debian Lenny.
View 2 Replies View RelatedFedora Security :: SElinux Apache Upload Denied
Jun 22, 2010I want to be able to created directories and upload files (images mostly) via a php web page. The directory structure is a throwback to windows and I really really don't want to have to change it because there are so many files/links already there.
/cust/cust_name/site/version/web (all html/php files go here)
I want to be able to edit the files with a 3rd party tool (SSH based). These are small orgs, like my church, local community club, sports team, etc., so file ownership needs to sync with the editor, not apache.
[Code].....
Ubuntu Security :: Alerts When Apache LOGS Contain Certain Data
Jul 10, 2010Does anyone know of any software that can monitor the Apache logs for certain phrases or keywords then send an alert when found? For example I know an attempt to hack has been made when I see log entries like this....
/admin/
/admin/phpadmin/
/phpadmin/
But by the time I see it, the attempt has long since failed or succeeded. What I need is a way for my server to alert me WHILE someone is entering these phrases. I realize there may be a "hit" to performance but my server is not that busy anyway (except for hackers).
Ubuntu :: Security Risk To Run Apache Web Server On Laptop?
Sep 29, 2010I am running Ubuntu 10.04 on my laptop. I have an Apache web server running that I can access at 192.168.1.102 ("It works! This is the default web page for this server. ...").
Are there any security risks in leaving this running? Is the web server available to anyone outside my network?
Ubuntu Security :: Need Daemon Running Apache Server?
Apr 5, 2011I'm trying to modify an existing user so that any files they create can be at least read (although writing and execution would be nice) by any other user. The reason is because I need the daemon running my Apache server to be able to access files created by a daemon running under this user, files which will be created and accessed in real-time.
View 3 Replies View RelatedUbuntu Security :: Common Apache 2.2 Exploits - How To Stop
Apr 29, 2011Does anyone know any common apache 2.2 exploits and how to stop them? I am setting up a web server and want it to be secure as possible. I currently have a basic lamp server on a ubuntu server.
View 1 Replies View RelatedUbuntu Security :: Running Shell Commands From Apache
Jun 3, 2011Ok, so I have a few web apps that need to run shell commands. Heres a great example of one:
Code:
This is a PHP script getting my system volume. Herein lies the problem... www-data doesn't have permission to do this!
I changed my apache config to use MY account as the web user, and it does in fact work the way I want it to.
Obviously, I dont want to leave apache running as me, and want it to keep using www-data.... heres my question... how can I give permission for www-data to execute certain programs?
Security :: Allow Apache To Send SIGHUP To Root Process?
Feb 18, 2010I have been tasked with sending a kill -s SIGHUP (a reload) to a Daemon process owned by root running on a centOS 5.4 machine.
Obviously, Apache cannot normally do this, so I'm going to have to use the sudoers file.
My problem is, how do I allow the Apache user to only run the kill command? nothing else.
in testing, I've gotten Apache to basically run every command prefixed with sudo and no password prompting. But I want the added security to only run the kill command without the password being prompted everything else should prompt for a password.
I'm trying to understand the sudoers file, and i must say, its non-trivial.
is there a simple 1 line I can put in the sudoers file like
PHP Code:
apache ALL=(ALL) NOPASSWD: /bin/kill
Security :: Granting Apache Sudo Rights Secure?
Sep 27, 2010I have setup a VPS server, created two accounts to two domains respectively, and in one account I built a tool to manage other accounts. I have been rigorously researching and found information, however not implemented yet, about granting apache sudo rights through an interface on one account, so that it can execute scripts as root to manage installations in other accounts. what I mean this is my tool will use 'rsync' to duplicate installations from any account into any account.
My question for security, is it secure to grant apache sudo rights? I have not resolved successfully granting it permissions, and I would not want to waste my time investigating more on it if it can compromise the system in any way.
In your experience, is it feasible to build such a tool like I described? I have the tool working to copy within account and to addon domains and it works great, but I want it to manage all accounts on the server.
Ubuntu Security :: Ways To Secure Server Setup With Apache?
Jun 19, 2010I've set up a server for the first time today and I'm reading up on how to secure it. But I was wondering if anyone here would give me some tips from personal experience on what to do before going online with my website for the whole world to see. I'm running Ubuntu Server edition and Apache. Am I good to go with default settings or is there anything recommended that I should first do?
View 9 Replies View RelatedSecurity :: Apache Exploited To Send Out Spam From Mailform On Website?
Oct 7, 2010I have a server with a couple of sites on it. Some of them have a webform where people can send them emails that they are interested in their work etc. though the "To:" and "From:" adress can't be change by the enduser, you can only enter text and press send. However it seems that someone (not on the server) has found a hole/exploit to use those webforms to send mails to who ever he wants.. I have the webserver setup with ssmtp (simple smtp) and it just forwards the mail sent from the server to my mail-server and there on it sends it out on the internet. If I check my log on the mail-server I can see the whole smtp session, where it's comming from and where it's going etc. I see that it comes from my webserver and over there I only have these log entries:
Oct 6 22:04:47 ettan2 sSMTP[1771]: Sent mail for itaumail@itau.com.br (221 2.0.0 Bye) uid=204 username=torget outbytes=3290
There are loads of those log entries, mostly at after office-hours between 17:00 and 7:00 I have scanned through all the Apache logs and can't find Anything that point to the e-mail addresses used or something like that. The reason I found this out was because he tries to send to a host that doesn't allow connection on port 25 so all the mails got stuck in the queue, over 1000 atm.. I'm using Apache 2.2 and Postfix 2.6 on a Debian Lenny install. What can I do to find out how he's doing this and close the "exploit"? Who would you recommend to setup the mail() thing in PHP for most security?
Ubuntu Security :: PHP Is Not Running Under Apache 2 And Limited By The Www-data Filesystem Access?
Jun 30, 2010I'm about to have a web server at home for the first time. I've always missed having full control and not having to contact my hosting company when I need to do some specific changes - and some changes they won't do for you at all.I've chosen the non-GUI Ubuntu Server with LAMP, and nothing more is installed really except for a couple of command line tools from the repository. The LAMP software has been locked down as good as I can by following some guides on the net and using common sense. Like Apache 2 don't have access to the file system except for the www folder, and setting the headers to Prod. MySQL has skip-networking and I've commented out the listen string to localhost. PHP has a truckload of functions that I've disabled in the php.ini, also by following some guides on the net, among some other security enhancing php.ini editing.
The only thing the server will serve is a well known PHP forum and some html docs, and that's all. Nothing advanced or complicated stuff, and I'm definitely not programming PHP myself or letting anyone do it for me.But I do want to sleep well at night knowing that my server is always on and sitting on the edge of my home network! And can I do that? I've heard that you don't need to be worried about getting your Linux server box hacked, but you should be worried about anyone getting root access to it. But is it really that simple? Ubuntu is shipped without root account and you must have the sudo password, right? What's the odds for anyone to get full access to my system?An issue: I've heard that Apache never must run as root. When I do a ps -ef, I see that there are several www-data processes running apache, but there's one root process running apache too. Is this normal and is it safe?An issue: I've heard that PHP can fail pretty easily. But isn't PHP running under apache 2 and limited by the www-data filesystem access?An issue: MySQL is running as a MySQL user, and I guess that's an unprivileged user right?