Re: Security tool to check CGI scripts for security holes/vulnerabilities
From: all mail refused (elvis_at_notatla.org.uk)
Date: 11/20/03
Date: 20 Nov 2003 20:23:29 GMT
In article <5d170c0c.0311201106.4e78f59@posting.google.com>,
Trent Rivers wrote:
>I'm searching for a good security tool that I can use regularly to
>scan all the programs/scripts in my web server's cgi-bin directory to
>identify code that is creating security holes/vulnerabilities on the
>server? Does such a thing exist??? Our web server is Apache 1.3.27 on
>RH Linux 7.3.
I've done some Perl stuff that looks for the likes of system() in its
one-argument form and open() with pipes. And lack of tainting on the #! line.

That was in the context of checks on the webserver too - httpd.conf writable
by non-root, files writable by the webserver child process user etc.

None of that was rocket science but as it is work I can't publish just
like that.

In fact the hardest part (which I still haven't clobbered) is figuring out
which of the 100 or so httpd.conf files on a box (I have a user population
requiring tomato bombardment) are actually in use. I thought of making
apache log details like that (files used, arguments used) to syslog so that
I can establish from that what's in use. I still haven't got round to
trying that mod.

I'm in favour of checking the code manually before it gets in place
but a regular automated check is nice too.

--
I was less than impressed when one of my staff last year suggested
tunneling ftp through ssh. -- Evpuneq Erivf
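
The source checks named in the reply above (one-argument system(), open() with pipes, no taint flag on the #! line), sketched as an added example; this is not the poster's code, which was not published. It is a line-based heuristic in Python, and the sample script, function names and finding texts are constructed for illustration.

```python
import re

# Constructed sample CGI script for illustration (not from the post).
SAMPLE = r'''#!/usr/bin/perl -w
my $user = $ENV{QUERY_STRING};
system("finger $user");
system('/usr/bin/finger', $user);
open(MAIL, "| /usr/lib/sendmail -t");
open(LOG, ">> /tmp/app.log");
# system("commented out");
'''

# Builtin calls only (skips $system, ->open); assumes one statement per line.
CALL = re.compile(r'(?<![\w$@%>])(system|exec|open)\b\s*\(?(.*?)\)?\s*;\s*$')
PIPE = re.compile(r'''^["']\s*\||\|\s*["']''')  # "| cmd", "cmd |", '-|', '|-'

def top_level_args(text):
    """Split a Perl argument list on commas outside quotes and brackets."""
    args, depth, quote, cur = [], 0, None, ''
    for ch in text:
        if quote:
            quote = None if ch == quote else quote
        elif ch in '"\'':
            quote = ch
        elif ch in '([{)]}':
            depth += 1 if ch in '([{' else -1
        elif ch == ',' and depth == 0:
            args.append(cur.strip())
            cur = ''
            continue
        cur += ch
    return args + [cur.strip()]

def scan(source):
    """Return (line_number, finding) pairs for one Perl script's source."""
    lines, findings = source.splitlines(), []
    if lines and re.match(r'#!.*perl', lines[0]) and not re.search(r'\s-\w*T', lines[0]):
        findings.append((1, 'no -T (taint mode) on the #! line'))
    for n, line in enumerate(lines, 1):
        m = None if line.lstrip().startswith('#') else CALL.search(line)
        if not m:
            continue
        func, args = m.group(1), top_level_args(m.group(2))
        if func in ('system', 'exec') and len(args) == 1:
            findings.append((n, f'one-argument {func}() may run via the shell'))
        elif func == 'open' and len(args) > 1 and PIPE.search(args[1]):
            findings.append((n, 'open() with a pipe'))
    return findings
```

Findings are candidates for the manual review the reply recommends, not verdicts: statements spanning several lines and escaped quotes inside strings are not handled, and the file-permission checks on httpd.conf mentioned in the reply are outside this sketch.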