Re: what percent of time are there unpatched exploits against default config?




On 12/27/2011 10:42 PM, Bennett Haselton wrote:
> Everything installed on the machine had been installed with "yum".  So I
> assumed that meant that it would also be updated by "yum" if an update was
> available from the distro.
> 

1.  Are you running PHP apps on the web server?  Perl apps?  Bad code in
dynamic apps is the main way security breaches happen if via apache.
And in those cases it is usually the ability to execute some script
(sometimes one that the bad guys upload first) that is the issue.  Many
times this happens because programmers of the dynamic (php, perl,
python, ruby, etc.) apps do not properly vet the input of some form or
other item.

2.  Why have password logins at all?  Using a secure ssh key only for
logins makes the most sense.

3.  Please do not top post.

> On Tue, Dec 27, 2011 at 9:38 PM, Karanbir Singh <mail-lists@xxxxxxxxx> wrote:
> 
>> On 12/28/2011 04:29 AM, Bennett Haselton wrote:
>>> I was asking because I had a server that did get broken into, despite
>>> having yum-updatesd running and a strong password.  He said that even if
>>
>> the software component compromised was a part of the updates being
>> dished out from the distro ( and therefore likely covered via the
>> yum-updatesd? )
>>
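
Added example, not part of the original message or of any CentOS tooling: a check for point 2 above that reads an sshd_config and reports whether password-based logins are still possible. The function name audit_sshd_config and the sample config are assumptions made for illustration; Include directives are not followed, and Match blocks are only scanned for a "yes" that re-enables passwords.

```shell
#!/bin/sh
# Added example: report whether an sshd_config still permits password logins.
# sshd uses the first value it finds for each keyword, and an unset keyword
# falls back to its default (both password-capable methods default to "yes").
audit_sshd_config() {
    awk '
    BEGIN { pw = "yes"; kbd = "yes"; seen_pw = 0; seen_kbd = 0; in_match = 0; override = 0 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    {
        sub(/^[ \t]+/, ""); sub(/=/, " ")   # accept the "Keyword=value" form
        key = tolower($1); val = tolower($2)
        gsub(/"/, "", val)                  # arguments may be double-quoted
    }
    key == "match" { in_match = 1; next }   # later lines are conditional
    key == "passwordauthentication" {
        if (in_match) { if (val == "yes") override = 1 }
        else if (!seen_pw) { pw = val; seen_pw = 1 }
    }
    key == "kbdinteractiveauthentication" || key == "challengeresponseauthentication" {
        if (in_match) { if (val == "yes") override = 1 }
        else if (!seen_kbd) { kbd = val; seen_kbd = 1 }
    }
    END {
        out = ""
        if (pw != "no")  out = out " PasswordAuthentication"
        if (kbd != "no") out = out " KbdInteractiveAuthentication"
        if (override)    out = out " Match-override"
        if (out == "") print "key-only"
        else print "password-capable:" out
    }' "$1"
}

# Constructed sample config: PasswordAuthentication is off, but
# keyboard-interactive is left at its default, which with UsePAM yes
# still lets a PAM password prompt through.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'PasswordAuthentication no' \
    'PubkeyAuthentication yes' > "$sample"
audit_sshd_config "$sample"
rm -f "$sample"
```

On a live host, run it against /etc/ssh/sshd_config and compare the result with the effective settings printed by `sshd -T`.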
