[thelist] Red Hat / Apache / General Security Reviews?

Joe Crawford jcrawford at avencom.com
Sat Apr 21 19:38:54 CDT 2001


Okay, so at work we have a linux box we play with and have some "friend"
(not client) websites hosted on it. linux/redhat/php etc.

And our guy who admins it in his (yah right) spare time really cares about
it working right and about security (and me, who just wants to do cool stuff
with it).

So I added a virtual host to it the other day, and about an hour later we
got hacked (they were very nice, and made backups of the home pages for the
domains). Their tag was "1i0n Crew H.U.C".

I made some changes to Apache, allowing cgi in any directory a few weeks
ago.

Thing is, when our admin guy did the install he was very conscious of
security, and applied all the patches you're supposed to (to his knowledge).

So how does anybody *do* this unix admin stuff? How the heck do the great
ones keep up with all these patches? The thing I keep reading is that for
most exploits, patches come out quick, but where to find the time to keep
up? This guy is much more valuable in an application architecture/
programming mode, and these sites are all low priority, so no biggie taking
them offline for awhile while we recover. But what if it were a client box
(!).

So my question (I think I have a question here somewhere) is: is it possible
to have a confidential service do a security review periodically to see if
we're vulnerable? And then, as part of the service, break down what changes we
need to make?

Or maybe tools a la the "SATAN" tool I remember reading about so many years
ago? Something maybe an idiot like me can run periodically at the box to see
where we're vulnerable, then our admin can see what we need to defend
against, where we need patches, where we're lax or out of date.

I'm open to any thoughts you have on this. Thanks,

    Joe Crawford <http://artlung.com/>





