Some links that might help...

http://www.enteract.com/~lspitz/linux.html
http://www.psionic.com/products/portsentry.html
http://www.oit.ucsb.edu/~eta/swatch/

And a must have...

http://www.sansstore.org/Merchant/linux.htm

(Always have to plug SANS...) :-)

Hope these help,

/signed/
Doug Harold, GCIA
Captain
Canadian NORAD Region Information Protection

"Bradley, Tony" <tony.bradleyat_private> wrote:

>Not to start a Microsoft vs. Open Source debate regarding security, but for
>me personally my Microsoft systems are more secure simply because I am more
>familiar with the operating system(s) and the software and I have more
>security experience on that platform.
>
>I recently built a Redhat Linux 7.0 server to use as a web server. I am
>quite sure it is entirely insecure because I barely know enough to get
>around in Linux, much less how to configure and secure it. I installed
>Apache web server and after much trial and error at least got my sites to
>work and got the CGI scripts to work.
>
>However, I have noticed in my logs that I have about 1000 "Nimda"-like hits
>a day. I have cut & paste a portion of my log below.
>
>[26/Feb/2002:18:37:19 -0500] "GET
>/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310
>[26/Feb/2002:18:37:19 -0500] "GET
>/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310
>[26/Feb/2002:18:37:20 -0500] "GET
>/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310
>[26/Feb/2002:18:37:20 -0500] "GET
>/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310
>[26/Feb/2002:18:37:20 -0500] "GET
>/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 294
>[26/Feb/2002:18:37:20 -0500] "GET
>/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 294
>
>First of all, since these hits are trying to access Windows directories do
>they pose any threat to my Linux machine? Second of all, is there any way
>for me to block these types of hits from my server?
>
>If anyone can recommend a good book or resource for hardening my Linux
>server and / or any good IDS, antivirus and other such security tools that
>would be appreciated as well.
>
>Thanks-
>
>Tony Bradley, MCSE, MCSA, MCP, A+
>Threat & Vulnerability Monitor
>EDS GM Global Information Protection Programme
>Electronic Data Systems
>
>"We find comfort among those who agree with us-growth among those who
>don't." ~ Frank A. Clark ~
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus ARIS analyzer service.
>For more information on this free incident handling, management
>and tracking system please see: http://aris.securityfocus.com
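Added example, not part of the original thread: a Python check that parses the access-log excerpt quoted in the message above, labels the encoding tricks in each request URI, and reports whether any such request was answered with a non-error status. The names `classify`, `summarize` and the signature labels are chosen for this example, and the last sample line is constructed.

```python
import re
from collections import Counter
# First six lines: the excerpt quoted in the post. Last line: constructed benign hit.
SAMPLE_LOG = """\
[26/Feb/2002:18:37:19 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310
[26/Feb/2002:18:37:19 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310
[26/Feb/2002:18:37:20 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310
[26/Feb/2002:18:37:20 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310
[26/Feb/2002:18:37:20 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 294
[26/Feb/2002:18:37:20 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 294
[26/Feb/2002:18:40:02 -0500] "GET /index.html HTTP/1.0" 200 1024
"""

LINE_RE = re.compile(r'\[(?P<ts>[^\]]+)\] "\S+ (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+')

SIGNATURES = {
    # 0xC0/0xC1 lead bytes never occur in valid UTF-8 (e.g. %c0%af is an overlong "/").
    "overlong_utf8": re.compile(r"%c[01]%[0-9a-f]{2}", re.I),
    # "%%35%63" decodes to "%5c" on one pass and to "\" on a second pass.
    "double_encoding": re.compile(r"%(?:%|25)[0-9a-f]{2}", re.I),
    "windows_target": re.compile(r"winnt/system32|cmd\.exe", re.I),
}

def classify(line):
    # Returns None when the line is not in the format shown in the post.
    m = LINE_RE.search(line)
    if not m:
        return None
    hits = [name for name, rx in SIGNATURES.items() if rx.search(m["uri"])]
    status = int(m["status"])
    # "served" marks a probe the server did NOT reject (status below 400): look at those.
    return {"ts": m["ts"], "uri": m["uri"], "status": status,
            "signatures": hits, "served": bool(hits) and status < 400}

def summarize(text):
    counts, served = Counter(), []
    for line in text.splitlines():
        rec = classify(line)
        if rec is None or not rec["signatures"]:
            continue
        counts["probes"] += 1
        counts.update(rec["signatures"])
        if rec["served"]:
            served.append(rec["uri"])
    return counts, served

if __name__ == "__main__":
    counts, served = summarize(SAMPLE_LOG)
    print(dict(counts))
    print("probes not rejected:", served or "none")
```

On the quoted excerpt every matching request carries a 404 or 400 status, so the list of probes that were not rejected is empty.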
This archive was generated by hypermail 2b30 : Wed Feb 27 2002 - 09:07:07 PST