Re: Interpreting logwatch




On Thu, Sep 09, 2010, Natxo Asenjo wrote:
>On Wed, Sep 8, 2010 at 6:17 PM, Bill Campbell <centos@xxxxxxxxxxxxx> wrote:
>
>> I think it's a mistake to discount any attacks involving php as
>> the vast majority of the systems I have had to clean up after
>> cracks have been compromised through php vulnerabilities, usually
>> in conjunction with weak user level passwords.
>>
>> IMHO, admin tools like phpMyAdmin, webmin, and usermin should be
>> carefully restricted, preferably only accessible via a private
>> LAN, not from the public internet.  Use a VPN to access from the
>> public internet if necessary.  We don't install usermin in most
>> cases as I have seen it used to exploit security bugs on old SuSE
>> systems that permit root access.
>
>Last time I checked, webmin and usermin were written in Perl ;-), no php there.

True enough (although very ugly perl without adequate parameter
checking in some cases :-); I should have said "different topic".

>If you're running a web app with a known vulnerability and it's
>available from the internet, then you're in trouble, that's for sure.

Even if it doesn't have known vulnerabilities, running admin
applications that may have root capabilities without guarding
against unauthorized access is a recipe for trouble.

Bill
-- 
INTERNET:   bill@xxxxxxxxxxxxx  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186  Skype: jwccsllc (206) 855-5792

Good men can muddle through a bad constitution, but bad men can
wreck the best of them. -- Aristotle
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
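The point Bill makes about keeping webmin/usermin off the public internet can be checked mechanically. The following is an added audit script, not part of the thread or of the webmin project: it parses `ss -tlnp`-style listener output and flags admin tools (identified by their default ports, 10000 for webmin and 20000 for usermin) that are bound to a wildcard or non-private address. The sample output below is constructed for the example; phpMyAdmin is deliberately not covered, since it shares the web server's port and has to be restricted in the web server's own configuration instead.

```python
import ipaddress
import re

# Default ports of the admin tools named in the thread (webmin 10000, usermin 20000).
# phpMyAdmin shares the web server's port, so it cannot be found by port alone and
# must be restricted in the web server configuration (e.g. by source address).
ADMIN_PORTS = {10000: "webmin", 20000: "usermin"}

# Constructed sample in the layout of `ss -tlnp` output; not a real capture.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN  0      128    127.0.0.1:10000     0.0.0.0:*         users:(("miniserv.pl",pid=1201,fd=5))
LISTEN  0      128    0.0.0.0:20000       0.0.0.0:*         users:(("miniserv.pl",pid=1310,fd=5))
LISTEN  0      128    192.168.1.10:10000  0.0.0.0:*         users:(("miniserv.pl",pid=1201,fd=6))
LISTEN  0      511    *:80                *:*               users:(("httpd",pid=900,fd=4))
LISTEN  0      128    [::]:22             [::]:*            users:(("sshd",pid=700,fd=3))
"""

# ss prints IPv4 local addresses as "addr:port", IPv6 as "[addr]:port",
# and wildcard binds as "0.0.0.0", "*" or "[::]".
LOCAL_RE = re.compile(r"^(?:\[(?P<v6>[^\]]+)\]|(?P<v4>[^\s:]+)):(?P<port>\d+)$")


def parse_listeners(text):
    """Return (address, port) tuples for each LISTEN line of ss-style output."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header line or a non-listening socket
        m = LOCAL_RE.match(fields[3])
        if not m:
            continue
        addr = m.group("v6") or m.group("v4")
        listeners.append((addr, int(m.group("port"))))
    return listeners


def is_private_bind(addr):
    """True if a socket bound to addr is reachable only from loopback or
    non-global address space (RFC 1918, ULA, link-local and similar)."""
    if addr in ("*", "0.0.0.0", "::"):
        return False  # wildcard bind: every interface, including public ones
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable: treat as exposed rather than silently passing
    return ip.is_loopback or ip.is_private


def exposed_admin_listeners(text):
    """Admin-tool listeners (matched by default port) that are bound to an
    address reachable from outside a private LAN, as (tool, addr, port)."""
    return sorted(
        (ADMIN_PORTS[port], addr, port)
        for addr, port in parse_listeners(text)
        if port in ADMIN_PORTS and not is_private_bind(addr)
    )


if __name__ == "__main__":
    # On a real host: ss -tlnp | python3 this_script.py  (read sys.stdin instead)
    for tool, addr, port in exposed_admin_listeners(SAMPLE_SS_OUTPUT):
        print(f"EXPOSED: {tool} listening on {addr}:{port}")
```

On the constructed sample only the usermin instance on `0.0.0.0:20000` is reported; the webmin listener on `127.0.0.1` and the one on the `192.168.1.10` LAN address pass. A bind to a private address is still only as safe as the network behind it, so this check complements, rather than replaces, a firewall rule or VPN in front of the service.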


