Hi all --

Over the winter holidays Ben Laurie wrote a new Apache module, mod_log_forensic, that greatly enhances the ability to debug Apache segfaults (and therefore to figure out what's going on when someone is abusing your Web server). Here's the description from Apache Week:

"A new module, mod_log_forensic, was committed to both the 2.1 development tree and the 1.3 tree by Ben Laurie over the New Year. The module writes each request (including headers) to a log file before request processing begins, including a unique request ID. After request processing is completed, the unique ID is again logged to the log file. If a security issue is exploited on a server running mod_log_forensic, crashing a child process, the log can then be used to discover exactly what request was used in the exploit, allowing further investigation."

It's not yet rolled into the stable Apache source tree, but you can find links to the appropriate snapshots at http://www.modsecurity.org/blog/archives/000423.html

The module also includes a script that looks for those pairs of unique IDs and flags singletons, so you can >immediately< tell where problems are.

Way to go, Ben, for not only improving Apache's ability to notice evil behavior going on, but also for making it easier for us to notice Apache telling us :-)

I'm adding this to LogAnalysis under the "UNIX and related" library link, as well as the application-specific parsers link, and will update those with "production" info when the module goes stable.

cheers -- tbird

--
Evil or not, it has been written. The moon must first become a penal colony before it can become a libertarian paradise. -- Len Sassaman

http://www.precision-guesswork.com
Log Analysis http://www.loganalysis.org
VPN http://vpn.shmoo.com
tbird's Security Alerts http://securecomputing.stanford.edu/alert.html

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
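The pairing check described in the post, as an added example that is not part of the original message and is not the script shipped with the module. It assumes the line layout given in the mod_log_forensic documentation ("+ID|request|Header:value|..." before processing, "-ID" after, with "|" and ":" inside values percent-escaped); the function name and the sample log are constructed for illustration.

```python
from urllib.parse import unquote

# Constructed sample log, not real traffic. Assumed format: "+ID|request|Header:value|..."
# is written before processing starts and "-ID" once the request has completed.
SAMPLE_LOG = """\
+idA0001|GET /index.html HTTP/1.1|Host:www.example.com%3a8080|User-Agent:curl/7.10
-idA0001
+idA0002|POST /cgi-bin/form HTTP/1.1|Host:www.example.com|Content-Length:4096
+idA0003|GET /images/logo.gif HTTP/1.1|Host:www.example.com
-idA0003
-idA0009
garbage line
"""

def find_unfinished(lines):
    """Pair start/end markers; return (unfinished, orphans, malformed).

    unfinished: requests with a "+" line but no "-" line (candidate crashers)
    orphans:    IDs with a "-" line but no earlier "+" (rotated or truncated log)
    malformed:  1-based numbers of lines that match neither form
    """
    open_reqs, orphans, malformed = {}, [], []
    for lineno, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        if not line:
            continue
        if line[0] == "+":
            fields = line[1:].split("|")
            if len(fields) < 2 or not fields[0]:
                malformed.append(lineno)
                continue
            # Split each header on the first ":" only, then undo the escaping.
            pairs = (f.split(":", 1) for f in fields[2:] if ":" in f)
            open_reqs[fields[0]] = {
                "id": fields[0],
                "line": lineno,
                "request": unquote(fields[1]),
                "headers": {k: unquote(v) for k, v in pairs},
            }
        elif line[0] == "-":
            if open_reqs.pop(line[1:], None) is None:
                orphans.append(line[1:])
        else:
            malformed.append(lineno)
    # Dicts keep insertion order, so results come back in log order.
    return list(open_reqs.values()), orphans, malformed

if __name__ == "__main__":
    unfinished, orphans, malformed = find_unfinished(SAMPLE_LOG.splitlines())
    for req in unfinished:
        # repr() keeps attacker-controlled bytes from reaching the terminal raw.
        print(f"line {req['line']}: {req['id']} never completed: {req['request']!r}")
```

Requests still in flight when the log is read also show up as unfinished, so run this against a rotated log or discount entries at the very end of a live one.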
This archive was generated by hypermail 2b30 : Wed Feb 04 2004 - 14:59:18 PST