LinuxQuestions.org
Old 09-22-2009, 07:57 AM   #1
sego banti
LQ Newbie
 
Registered: Sep 2009
Posts: 3

Rep: Reputation: 0
How to demonstrate secure apache webserver on ubuntu


Hi,

I am a newbie to Linux but I have managed to set up an Apache webserver on Ubuntu 9.04; it is also running PHP, SSH and MySQL. Using some of the guides I have found online, I think I have managed to harden it a fair bit. I would like to demonstrate this to a few stakeholders in a professional manner.

Is there an easy to use software that I can use to simulate attacks from one computer to the 'secure' computer?

Any help will be very appreciated.
 
Old 09-22-2009, 04:23 PM   #2
JamesChamberlain
Member
 
Registered: Sep 2009
Location: Wirral, UK
Distribution: Red Hat Enterprise Linux / Fedora 11
Posts: 47

Rep: Reputation: 18
There's a distro written for this kind of work. Please see http://www.remote-exploit.org/backtrack_download.html

Don't be an idiot and try and use this offensively.
 
Old 09-22-2009, 04:43 PM   #3
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,782
Blog Entries: 1

Rep: Reputation: 413
I'm going to argue that there is no way to demonstrate security. What might be secure today could be insecure tomorrow. Security is a mind-set and a process. You are always working on security or you're not secure. How about a detection system? Do you have any way to find out if you've been compromised? How is your plan for investigating potential breaches? Do you have backup and restore in place? Just attacking your computer with slop like Backtrack doesn't do much of anything.
 
Old 09-22-2009, 04:46 PM   #4
JamesChamberlain
Member
 
Registered: Sep 2009
Location: Wirral, UK
Distribution: Red Hat Enterprise Linux / Fedora 11
Posts: 47

Rep: Reputation: 18
Hmpf after reading that I'd agree. I suppose for a short, 'quick fix' attack it with backtrack would be ideal, but who knows who or when is going to attack your server.

I feel I've answered the guy's question by:

Quote:
Is there an easy to use software that I can use to simulate attacks from one computer to the 'secure' computer?
but he does need to consider the wider picture. Carefully reading the above comment..
 
Old 09-22-2009, 05:57 PM   #5
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,782
Blog Entries: 1

Rep: Reputation: 413
Quote:
I suppose for a short, 'quick fix' attack it with backtrack would be ideal,
With all due respect, no it wouldn't. This is why I absolutely loathe backtrack. It claims to be a penetration testing tool, but in reality the best it does is give a false sense of security. Personally, I think backtrack is a skiddie toolkit trying to masquerade behind some sort of respectability. Besides, does backtrack issue update with zero day exploits? The bad guys are likely WAY ahead of backtrack, so using it in "testing" is really only pretending to do something useful.

I'll get off my soapbox now.....
 
Old 09-22-2009, 09:37 PM   #6
jefro
Guru
 
Registered: Mar 2008
Posts: 11,385

Rep: Reputation: 1396
Backtrack's live cd might be a place to start unless someone offers a better solution. Just saying it stinks doesn't help.

For the most part, you can assume any computer connected to the internet is unsafe at any speed. Seems the latest hack fest took down Mac, Win and Linux in a matter of minutes.
 
Old 09-22-2009, 10:42 PM   #7
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,974
Blog Entries: 11

Rep: Reputation: 879
Moved: This thread is more suitable in <Security> and has been moved accordingly to help your thread/question get the exposure it deserves.
 
Old 09-23-2009, 07:00 AM   #8
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,782
Blog Entries: 1

Rep: Reputation: 413
Quote:
Backtrack's live cd might be a place to start unless someone offers a better solution. Just saying it stinks doesn't help.
I'm going to strongly disagree. First, I did point out some things to start thinking about besides backtrack. Second, offering up backtrack as a solution here is about as useful as pointing to instructions on how to bake a cake. Isn't pointing out complete futility useful?

What the OP should be doing (in my opinion) is understanding existing security threats to the software on the server. Make sure it and the OS are fully patched. Understand how physically secure the system is. Make sure that if an intrusion occurs, there is a way to detect it and understand what happened. And then have the resources available to recover from the intrusion and prevent it in the future. Backtrack is completely and totally useless for any of those activities.

I'll admit I'm a security rookie, but I have done a fair bit of reading here and elsewhere. What I will say is from what I have learned, backtrack really doesn't cut it. The ONLY thing it can do is give a false sense of security.
 
Old 09-23-2009, 07:12 AM   #9
sego banti
LQ Newbie
 
Registered: Sep 2009
Posts: 3

Original Poster
Rep: Reputation: 0

Quote:
Originally Posted by Hangdog42
How about a detection system? Do you have any way to find out if you've been compromised?
Thanks for the feedback so far guys, I guess having an intrusion detection system on the "secure" end will be handy to show it resisting "attacks" as well. If I were to use backtrack to simulate attacks, what IDS will be appropriate to show it resisting them? (If it holds up, that is.)
Again any help is greatly appreciated.
 
Old 09-23-2009, 11:09 AM   #10
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,782
Blog Entries: 1

Rep: Reputation: 413
Unspawn has already compiled a ton of suggestions that you can find in the sticky at the top of the forum. Post 3 is the most directly applicable to detecting intrusions.
 
Old 09-24-2009, 12:19 PM   #11
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 428

Rep: Reputation: 65
Quote:
Originally Posted by Hangdog42
Besides, does backtrack issue update with zero day exploits? The bad guys are likely WAY ahead of backtrack, so using it in "testing" is really only pretending to do something useful.
Yes there are backtrack repos that keep everything up to date. From exploits to kernel patches. Most of the time shortly after the exploit is released it is in the repos ready for you to update.

Not to be rude but if you knew more about backtrack then you would know that some of the 0day POC exploits are written by backtrack contributors. So the theory that the bad guys are way ahead is not entirely accurate.

Last edited by slimm609; 09-24-2009 at 12:24 PM.
 
Old 09-24-2009, 12:32 PM   #12
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 428

Rep: Reputation: 65
Quote:
Originally Posted by Hangdog42
I'll admit I'm a security rookie, but I have done a fair bit of reading here and elsewhere. What I will say is from what I have learned, backtrack really doesn't cut it. The ONLY thing it can do is give a false sense of security.
I would also have to disagree with this. Backtrack has a lot of useful tools for testing current environments. All the tools that are included are open-source and can get acquired elsewhere but backtrack already has a nice collection of tools in one location. Sniffers, Fuzzers, Debuggers, shell code generators, etc. Backtrack is not just used to test against known vulns. It includes plenty of tools for finding/coding new exploits/vulns.

This is right off the site

"I wish I had BT3 many years ago. It would have saved me a lot of time." - Kevin Mitnick

"BackTrack is the fastest way to go from boot to remote root." - H.D. Moore

"BackTrack is the ninja hacker's weapon of choice." - Johnny Long


Here are more reviews of the training based off of backtrack from the backtrack creators.
http://www.offensive-security.com/course-reviews.php

Last edited by slimm609; 09-24-2009 at 12:34 PM.
 
  

