Security Help Question.

From: Shannon Kelley (wdragon@cachedreality.com)
Date: 11/20/01


Message-ID: <004e01c171e5$73adbd20$0a5bc4d1@eva01.net>
From: "Shannon Kelley" <wdragon@cachedreality.com>
To: <security-basics@securityfocus.com>
Subject: Security Help Question.
Date: Tue, 20 Nov 2001 11:04:44 -0600

Greetings Everyone,

I have been working to try to come up with a security design for a
remote webserver I administer. Now I will admit I am still rather new
at this whole adventure into network security, so I figured I'd ask the
subscribers of this list for any suggestions or feedback on what I'm
trying to do. First, some system specs:

Redhat 7.2 Server Running Apache (As Apache)
Pure-Ftpd FTP Daemon Running in virtual Directory Mode.

Currently this is my goal.

No users Except System Admins will have Shell Access. I've currently
gone into the /etc/passwd file and changed all non shell holders to
/bin/false or /dev/null. What I want to do is set up a "Secure"
webserver environment so that if compromised a user cannot break system
integrity.

Pureftp I've configured to automatically connect to the user's home
directory and chroot everything so that they can't back out of their home
directory.

Currently I am trying to set up a structure of

/www/html/(User Domains)

Can anyone suggest any combinations of chmods or file/group
ownerships that might effectively make this situation work efficiently?
Some of the people on the server run scripts such as Postnuke..
*I've banned PHPnuke from my server.. too many exploits recently* I know
that the php scripts will occasionally require the webserver to update
its own files and/or make changes to certain files.

I'm mainly conscious of this matter because one of my users' websites was
compromised earlier this month: a shell script was uploaded to his home
directory and was able to get command line access and manipulate and
change a few of the other sites on the system.. I'm trying to prevent
this from happening again..

Any help is greatly appreciated.

Shannon
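
An added example, not part of the original post: a check that the "only system admins have shell access" rule from the message actually holds in a passwd-format file. The admin names, the sample accounts and the inclusion of /sbin/nologin as a no-login shell are assumptions made for illustration.

```shell
#!/bin/sh
# audit_shells FILE ADMINS
#   FILE   - passwd-format file (point it at /etc/passwd on the server)
#   ADMINS - comma-separated accounts that are allowed a login shell
# Prints "user:shell" for every other account that can still log in.
audit_shells() {
    awk -F: -v admins="$2" '
        BEGIN {
            n = split(admins, a, ",")
            for (i = 1; i <= n; i++) allowed[a[i]] = 1
            # Shells treated as "no login". The first two are the ones
            # named in the post; /sbin/nologin is an added assumption.
            nologin["/bin/false"] = 1
            nologin["/dev/null"] = 1
            nologin["/sbin/nologin"] = 1
        }
        /^#/ || NF < 7 { next }      # skip comments and malformed lines
        {
            shell = $7
            # passwd(5): an empty shell field means /bin/sh, so an
            # account left blank by mistake still gets a shell.
            if (shell == "") shell = "/bin/sh"
            if (!($1 in allowed) && !(shell in nologin))
                print $1 ":" shell
        }
    ' "$1"
}

# Constructed sample data (hypothetical accounts, not from the post).
write_sample() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/bin/false
admin1:x:500:500::/home/admin1:/bin/bash
site_a:x:501:501::/www/html/site-a.example:/bin/false
site_b:x:502:502::/www/html/site-b.example:/dev/null
site_c:x:503:503::/www/html/site-c.example:/bin/bash
site_d:x:504:504::/www/html/site-d.example:
EOF
}

sample=$(mktemp)
write_sample > "$sample"
audit_shells "$sample" "root,admin1"
rm -f "$sample"
```

Accounts that this prints are the ones to review; an empty result means no account outside the admin list has a usable login shell.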


