Re: identifying security vulnerabilities on inherited system

From: Thomas Reidy (treidy_at_gmail.com)
Date: 09/04/04

  • Next message: Das, Arijit (GE Healthcare): "FW: Help Required"
    Date: Sat, 4 Sep 2004 09:57:57 -0400
    To: security-discuss@linuxsecurity.com
    
    

    I would also suggest running nessus (http://www.nessus.org), etc
    against this server(s).. **Get permission** to do so, run at low
    usage time to determine what packages are most vulnerable..

    Also, *always* make sure to test updates on a test box prior to the
    production site... it might seem like a small update, but it could
    also update dependencies on other applications..

    -- 
    --- Chiringuito
    t_r_e_i_d_y_@-g-m-a-i-l-.-c-o-m
    On Fri, 03 Sep 2004 21:31:47 +0000, George Van Tuyl
    <gvantuyl@artisllc.com> wrote:
    > 
    > 
    > RCS Computers wrote:
    > 
    > > Hi,
    > >
    > > I recently took over programming for a semi-large web site. They are
    > > currently using a web-design / hosting company to manage their server.
    > > They are running RH 7.3 and it looks like the system has not been
    > > updated in quite some time. Can you tell me how I might take the
    > > version numbers of the things listed below and find out if there are
    > > any security vulnerabilities.
    > >
    > > I realize that I could just update anyway, but I am going to have to
    > > prove that the current set up is a security risk.  Thank you in advance.
    > >
    > > The following ports are open on this web server:
    > >
    > > pop3
    > > imap
    > > http
    > > ftp
    > > ssh
    > > smtp
    > > https
    > >
    > > I am not really familiar with ip chains, but this looks like
    > > everything is accepted:
    > >
    > > Chain input (policy ACCEPT):
    > > target prot opt source destination ports
    > > ACCEPT tcp -y---- anywhere anywhere any -> ssh
    > > ACCEPT tcp -y---- anywhere anywhere any -> smtp
    > > ACCEPT tcp -y---- anywhere anywhere any -> http
    > > ACCEPT tcp -y---- anywhere anywhere any -> ftp
    > > ACCEPT all ------ anywhere anywhere n/a
    > > ACCEPT all ------ anywhere anywhere n/a
    > > ACCEPT udp ------ ns.bluegrass.net anywhere domain -> any
    > > REJECT tcp -y---- anywhere anywhere any -> any
    > > REJECT udp ------ anywhere anywhere any -> any
    > > Chain forward (policy ACCEPT):
    > > Chain output (policy ACCEPT):
    > >
    > >
    > > Here are the versions of pertinent programs:
    > >
    > > Distro: RH 7.3
    > > Kernel: 2.4.18-3
    > > Apache: 1.3.28
    > > NcFTP 3.1.3/985
    > > OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
    > > Postfix: 1.1.12
    > > ipopd: not sure how to find out
    > > imapd: not sure how to find out
    > >
    > >
    > >
    > > --------------------------------------
    > > Randy Syring
    > > RCS Computers
    > > www.rcs-comp.com
    > >
    > > "Whether, then, you eat or drink or whatever you do, do all to the
    > > glory of God."
    > > 1 Cor 10:31
    > >
    > >
    > Make your life easy with apt-get.
    > 
    > You will need at some point to move to a distribution that you can keep
    > current.  Slackware, Debian, etc....  It will take some time to put
    > together a migration plan for that, but for now go to
    > "http://apt.freshrpms.net/" download and install the apt-get rpm for 7.3
    > RedHat. Read the documentation and get your system current.  I keep one
    > of my systems at 7.3 and used apt-get to bring it to the latest rpms
    > available.  Which by the way are not as current as they could be but
    > better than what you have installed at present.  APT-GET will resolve all
    > dependencies and upgrade your system automagically.  Make sure that you
    > do run apt-get update before you do an upgrade or install and make sure
    > the apt-getrc, or on a RedHat 7.3 system it is /etc/apt/sources.lst file
    > has the correct source for your distribution.   If you are not sure let
    > me know and I will post a copy of mine to you.
    > 
    > gvt
    > 
    > 
    > 
    >
    ------------------------------------------------------------------------
         To unsubscribe email security-discuss-request@linuxsecurity.com
             with "unsubscribe" in the subject of the message.
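
The input chain quoted in the original question can be checked mechanically for rules that sit behind an earlier catch-all. The Python below is an added example, not part of any message in this thread; its function names are made up for illustration. It assumes the listing came from `ipchains -L` without `-v`, which does not show the interface column, so a catch-all it reports may in fact be bound to a single interface such as loopback.

```python
import re

# Listing copied from the quoted post (`ipchains -L` output, no -v).
LISTING = """\
Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT tcp -y---- anywhere anywhere any -> ssh
ACCEPT tcp -y---- anywhere anywhere any -> smtp
ACCEPT tcp -y---- anywhere anywhere any -> http
ACCEPT tcp -y---- anywhere anywhere any -> ftp
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
ACCEPT udp ------ ns.bluegrass.net anywhere domain -> any
REJECT tcp -y---- anywhere anywhere any -> any
REJECT udp ------ anywhere anywhere any -> any
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
"""
KEYS = ("target", "prot", "opt", "source", "destination", "ports")

def parse(listing):
    """Return {chain: {"policy": str, "rules": [dict, ...]}} in listing order."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \(policy (\w+)\):", line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
            continue
        f = line.split(None, 5)  # the ports column contains spaces ("any -> ssh")
        if current is not None and len(f) == 6 and f[0] != "target":
            current["rules"].append(dict(zip(KEYS, f)))
    return chains

def is_catch_all(rule):
    """True when the visible columns match every packet of the rule's protocol."""
    return (rule["opt"] == "------" and rule["source"] == "anywhere"
            and rule["destination"] == "anywhere" and rule["ports"] in ("n/a", "any -> any"))

def shadowed(rules):
    """Return (rule_index, catch_all_index) for rules preceded by a matching catch-all."""
    hits = []
    for i, r in enumerate(rules):
        j = next((j for j, e in enumerate(rules[:i])
                  if is_catch_all(e) and e["prot"] in ("all", r["prot"])), None)
        if j is not None:
            hits.append((i, j))
    return hits

if __name__ == "__main__":
    rules = parse(LISTING)["input"]["rules"]
    for i, j in shadowed(rules):
        print(f"rule {i + 1} ({rules[i]['target']} {rules[i]['prot']}) is behind catch-all rule {j + 1}")
```

Re-run the listing with `ipchains -L -v -n` before concluding anything: if a reported catch-all turns out to be tied to one interface, the REJECT rules after it still apply to traffic arriving on the others.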
    
