Re: New IIS Lockdown tool from Microsoft

From: Buchenauer, Christian (chrb@CAFE.CH)
Date: 10/10/01


Message-ID:  <3BC45AED.FA5EC917@cafe.ch>
Date:         Wed, 10 Oct 2001 16:27:57 +0200
From: "Buchenauer, Christian" <chrb@CAFE.CH>
Subject:      Re: New IIS Lockdown tool from Microsoft
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Hi Russ

Just my 2c regarding proper ACLs on NT4:

The recent discussion about IIS and security has clearly shown that
appropriate ACLs are an absolute "must have".
While building an IIS web server, one would need to set the ACLs properly
- as part of the setup process! - from the very beginning. We use a
script with cacls here; why doesn't everyone do so?

For a basic NT 4 IIS server with Perl running on it, you only need the
permissions shown below [1]. These permissions are for the NT system files
only; on the website files, the ACLs may be different.
I got these data while observing the security log and setting the
required permissions file by file. The same method would be used to
adjust the ACLs for FrontPage, databases etc.

Maybe someone on the list can think of a script which does this
automatically?
-> do a GET request on a website on the server
-> monitor the security log for event ID 560 (failed access to file)
-> set the ACLs accordingly / write the filename into a file for manual
approval

(the known best practices - patching, removal of mappings - remain valid
of course)

Regards
Christian

[1] Permissions needed to run IIS 4 and Perl:

- RWXD for IUSR_hostname:
        <path to>\Perl\site
        <path to>\Perl\lib\AutoLoader.pm
        <path to>\Perl\lib\Carp.pm
        <path to>\Perl\lib\DynaLoader.pm
        <path to>\Perl\lib\Exporter.pm
        <path to>\Perl\lib\overload.pm
        <path to>\Perl\lib\strict.pm
        <path to>\Perl\lib\vars.pm
        <path to>\Perl\lib\auto\DynaLoader\dl_findfile.al
        <path to>\Perl\lib\CGI\Carp.pm
        <path to>\Perl\site\lib\OLE.pm
        <path to>\Perl\site\lib\Win32\OLE.pm
        <path to>\Perl\site\lib\Win32\OLE\Lite.pm
        <path to>\Perl\site\lib\Win32\OLE\Variant.pm

- RX for IUSR_hostname:
        C:\
        C:\Programs
        C:\Programs\Perl\site\lib
        C:\Programs\Perl\site\lib\auto\Win32
        C:\WINNT
        C:\TEMP
        C:\WINNT\Help\common
        C:\WINNT\system32
        <path to>\System\ADO\msader15.dll
        <path to>\System\ADO\msado15.dll
        <path to>\System\ADO\msadrh15.dll
        <path to>\System\MSADC\msadce.dll
        <path to>\System\MSADC\msadcer.dll
        <path to>\System\OLE DB\msdasql.dll
        <path to>\System\OLE DB\msdasqlr.dll
        <path to>\System\OLE DB\msdatl2.dll
        <path to>\System\OLE DB\oledb32.dll
        <path to>\System\OLE DB\oledb32r.dll
        C:\Programs\Perl\bin\perl.exe
        C:\Programs\Perl\bin\perlcore.dll
        C:\WINNT\system32\expsrv.dll
        C:\WINNT\system32\MSAFD.DLL
        C:\WINNT\system32\msdart32.dll
        C:\WINNT\system32\msjet40.dll
        C:\WINNT\system32\msjint40.dll
        C:\WINNT\system32\MSJTER40.DLL
        C:\WINNT\system32\msjtes40.dll
        C:\WINNT\system32\MSRD2X40.DLL
        C:\WINNT\system32\msrd3x40.dll
        C:\WINNT\system32\mswstr10.dll
        C:\WINNT\system32\odbccp32.dll
        C:\WINNT\system32\odbcji32.dll
        C:\WINNT\system32\odbcjt32.dll
        C:\WINNT\system32\PerlCRT.dll
        C:\WINNT\system32\RNR20.DLL
        C:\WINNT\system32\STDOLE2.TLB
        C:\WINNT\system32\vbajet32.dll
        C:\WINNT\system32\WINSPOOL.DRV
        C:\WINNT\system32\WSHTCPIP.DLL
        C:\WINNT\system32\drivers\etc\HOSTS
        C:\WINNT\system32\inetsrv\asp.dll
        C:\WINNT\system32\inetsrv\ssinc.dll

--
-------------------------------------------------------
Christian Buchenauer
phone     +41.1.210.44.43       mobile +41.79.468.99.88
facsimile +41.1.210.33.13       mobile +41.79.468.16.24
-------------------------------------------------------
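The monitor-and-grant loop proposed in the message above (request a page, read the event 560 failure audits, grant only what was asked for), as an added example that is not the poster's cacls script or any tool from the thread. It assumes the audits are available as blank-line-separated "Key: value" blocks using the NT4 "Object Open" field names; the log text in the block is a constructed sample, not a real capture, and IUSR_WEBSRV is an assumed account name. Read (cacls R) corresponds to the RX of the list above and Change (cacls C) to RWXD; anything outside those two sets, such as WRITE_DAC, is written out for manual approval rather than granted.

```python
"""Added example (not the poster's cacls script): turn the event 560 failure
audits that a test GET left in the NT4 security log into the narrowest cacls
grants for the IIS anonymous account.  Assumptions: events arrive as blank-
line-separated 'Key: value' blocks using the NT4 Object Open field names (a
constructed sample below, not a real capture) and the account is IUSR_WEBSRV."""
import re

IUSR = "IUSR_WEBSRV"   # assumed anonymous-account name; substitute your own

# What the Read (RX) and Change (RWXD) permission sets cover.  Anything else
# (WRITE_DAC, WRITE_OWNER, ...) is reported for manual review, never granted.
READ_ACCESS = {"ReadData", "ReadEA", "ReadAttributes", "Execute/Traverse",
               "READ_CONTROL", "SYNCHRONIZE"}
CHANGE_ACCESS = {"WriteData", "AppendData", "WriteEA", "WriteAttributes",
                 "DELETE", "DeleteChild"}
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s*(.*)$")

# Constructed sample: five events, two of them for the same directory, one
# raised by a different account, one asking for more than Change.
SAMPLE_LOG = r"""
Event Type:  Failure Audit
Event ID:    560
User:        WEBSRV\IUSR_WEBSRV
Object Name: C:\Programs\Perl\lib\strict.pm
Accesses:    ReadData (or ListDirectory)

Event Type:  Failure Audit
Event ID:    560
User:        WEBSRV\IUSR_WEBSRV
Object Name: C:\Programs\Perl\site
Accesses:    ReadData (or ListDirectory)

Event Type:  Failure Audit
Event ID:    560
User:        WEBSRV\Administrator
Object Name: C:\WINNT\repair
Accesses:    ReadData (or ListDirectory)

Event Type:  Failure Audit
Event ID:    560
User:        WEBSRV\IUSR_WEBSRV
Object Name: C:\Programs\Perl\site
Accesses:    WriteData (or AddFile)
             AppendData (or AddSubdirectory or CreatePipeInstance)

Event Type:  Failure Audit
Event ID:    560
User:        WEBSRV\IUSR_WEBSRV
Object Name: C:\Inetpub\wwwroot\cgi-bin\counter.dat
Accesses:    ReadData (or ListDirectory)
             WRITE_DAC
"""


def parse_records(text):
    """One dict per event; 'Key: value' lines become lists, and indented lines
    without a colon continue the previous key (the multi-line Accesses list)."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec, key = {}, None
        for line in block.splitlines():
            m = FIELD_RE.match(line)
            if m:
                key = m.group(1).strip()
                rec[key] = [m.group(2).strip()] if m.group(2).strip() else []
            elif key and line.strip():
                rec[key].append(line.strip())
        records.append(rec)
    return records


def requested_grants(records, user=IUSR):
    """Return (grants, review).  grants maps object path -> 'R' or 'C' from the
    event 560 failure audits raised by `user`; a path seen with both read and
    write requests ends as 'C'.  review lists (path, access) pairs whose access
    lies outside Read/Change and needs a human decision."""
    grants, review = {}, []
    for rec in records:
        get = lambda k: rec[k][0] if rec.get(k) else ""
        if (get("Event Type"), get("Event ID")) != ("Failure Audit", "560"):
            continue
        if get("User").rsplit("\\", 1)[-1].lower() != user.lower():
            continue
        path, right = get("Object Name"), "R"
        for access in rec.get("Accesses", []):
            name = access.split()[0]          # drop the "(or ...)" gloss
            if name in CHANGE_ACCESS:
                right = "C"
            elif name not in READ_ACCESS:
                review.append((path, name))
                right = None
                break
        if path and right and grants.get(path) != "C":
            grants[path] = right
    return grants, review


def cacls_script(grants, user=IUSR):
    """One line per object: /E edits the ACL in place instead of replacing it,
    /G grants; R and C are cacls' Read and Change."""
    return ['cacls "%s" /E /G %s:%s' % (p, user, r) for p, r in grants.items()]


if __name__ == "__main__":
    grants, review = requested_grants(parse_records(SAMPLE_LOG))
    print("\n".join(cacls_script(grants)))
    for path, name in review:
        print("REM review by hand: %s asked for %s" % (path, name))
```

Run it against the sample and it emits two cacls lines (Read on strict.pm, Change on the site directory, because the second audit for that directory asked for WriteData) and one REM line for counter.dat, whose WRITE_DAC request should never be satisfied by a lockdown script. The loop only converges if auditing of object access failures is switched on for the account and the directory tree before the test requests are sent; a request that the account can already complete leaves no 560 failure behind, so the script grants nothing it did not see asked for.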
