Blackhole

Reuben D. Budiardja techlist at voyager.phys.utk.edu
Mon Apr 11 20:09:36 UTC 2005


On Monday 11 April 2005 15:44, Chris Kenward wrote:
> Hey Reuben
>
> > It's a possibility. If your apache is compromised through one of
> > the vulnerable programs/packages (e.g. cgi stuff) that is run there,
> > then it's possible for a hacker to get shell access, and basically
> > download anything that the hacker wants to your machine, like more
> > exploits, IRC bots, etc.
>
> What are you trying to do - spoil my day? <chuckle>

Now, why would I want to do that? :)

> The problem is there is just so much stuff that can be changed - I mean
> there are just hundreds of websites on this particular server. Although
> it's not been compromised more than this couple of times in the last
> couple of years, it seems that fighting it is a losing battle designed to
> lose us our hair and put the blood pressure up.

As I said earlier, security is a process. It's also a judgement call. There is
no such thing as "my system is completely secure". At some point you have
to decide whether you can be reasonably confident that your system is secure.
On the practical side, it's also good to know what's going on on the machine.
Keep track of third party software installed, keep on top of vulnerabilities
for this software, always update as soon as possible when there are updates
(in this case, from RHN). These are a few basic things that a sysadmin should
do.

I know other folks here who have much more experience who can probably say this
in a much better way. I am myself still learning about all this.

RDB
-- 
Reuben D. Budiardja
Dept. Physics and Astronomy
University of Tennessee, Knoxville, TN
