Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Dear All,
I have been monitoring my logwatch content and I notice there are some 170 occurrences of myfolder/cache/09fe503e5898bcbc55056542d470a803. Is this any hack attempt? I have also installed mod_secure; should I do some more hardening then?
Quote:
Originally Posted by newbie14
and I notice there are some 170 occurrences of myfolder/cache/09fe503e5898bcbc55056542d470a803. Is this any hack attempt?
Please be more specific. I don't know what log file the warning stems from or why you obfuscate the location of "myfolder/". And did you check the contents of "myfolder/cache/"?
Quote:
Originally Posted by newbie14
I have also installed mod_secure; should I do some more hardening then?
Maybe start by listing what the purpose of this machine is (LAN file server, exposed web server, etc) and what you already have done in terms of hardening.
Dear All,
I have an exposed web server machine. The hardening I have done is to stop using normal user name/password logins, putting the machine behind a firewall so that only port 80 is open, and requiring SSH access to the machine to go via VPN. In addition it is a minimal install of CentOS 6.3 and directory browsing has been blocked too. I have also installed mod_secure, which claims to protect the Apache server. I might be missing other options which I have not come to learn yet. The log file content is from logwatch and titled "404 Not Found". I have done this: find / -name cache, and I don't see any folder by the name myfolder/cache. What can I do to further harden my server to avoid attacks on my folders?
After some more googling and further going through the error and access logs of my httpd I found this link which speaks about the same problem too: http://serverfault.com/questions/390...ge-named-cache. So can I conclude it is an issue with the client browser and not my server? Anyway I would welcome further ideas on hardening my web server though.
Quote:
Originally Posted by newbie14
The log file content is from logwatch and titled "404 Not Found". I have done this: find / -name cache, and I don't see any folder by the name myfolder/cache. What can I do to further harden my server to avoid attacks on my folders?
After some more googling and further going through the error and access logs of my httpd I found this link which speaks about the same problem too: http://serverfault.com/questions/390...ge-named-cache. So can I conclude it is an issue with the client browser and not my server?
As per http://code.google.com/p/chromium/is...?id=132059#c47 this seems to be caused by the "Ginyas Ltd. Browser Companion" (extension ID bodddioamolcibagionmmobehnbhiakf) browser helper object (BHO), commonly called "Browser Companion Helper", which affects common browsers like Google Chrome, Internet Explorer and Mozilla Firefox. Indeed it is a client-side issue and does not harm the server. Three ways to deal with this I can see: 0) ignore these requests as harmless, 1) block them or 2) alert users their browser is infected by using a rewrite in the httpd.conf (performance-wise avoid using .htaccess files). Should look something like this:
Code:
# Server context (httpd.conf): the pattern is matched against the full URL path, leading slash included.
RewriteEngine On
# Any .../cache/<32 hex chars> request gets the warning page instead of a 404.
RewriteRule ^/?(.*/)?cache/[0-9a-f]{32}$ /yourbrowserisinfected.html [NC,L]
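As an added example (not code from this thread), the logwatch "404 Not Found" summary can be made far more informative by parsing Apache's combined-format access log: grouping the cache/<md5> 404s per client and counting distinct hashes separates the browser-extension noise described above from a scanner hitting fixed paths. The log lines are constructed; the "myfolder" prefix and the Chrome user agent are assumptions.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" LogFormat: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# The path shape reported in the thread: .../cache/<32 hex characters>
CACHE_RE = re.compile(r'/cache/([0-9a-f]{32})$', re.IGNORECASE)

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize_cache_404s(lines):
    """Group cache/<md5> 404s by (client IP, user agent) as
    {(host, agent): (request_count, distinct_hash_count)}.
    One desktop browser asking for many distinct hashes is the extension
    behaviour described in the thread; many clients requesting the same few
    paths would point at a scanner instead."""
    hits = Counter()
    hashes = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec['status'] != '404':
            continue
        m = CACHE_RE.search(rec['path'])
        if m is None:
            continue  # an ordinary 404, not the cache/<md5> pattern
        key = (rec['host'], rec['agent'])
        hits[key] += 1
        hashes[key].add(m.group(1).lower())
    return {key: (hits[key], len(hashes[key])) for key in hits}

# Constructed sample lines (not from the poster's server); "myfolder" and the UA are assumptions.
UA = "Mozilla/5.0 (Windows NT 6.1) Chrome/23.0"
SAMPLE_LOG = [
    f'192.0.2.10 - - [10/Jan/2013:10:00:01 +0800] "GET /myfolder/cache/09fe503e5898bcbc55056542d470a803 HTTP/1.1" 404 295 "-" "{UA}"',
    f'192.0.2.10 - - [10/Jan/2013:10:00:02 +0800] "GET /myfolder/cache/0123456789abcdef0123456789abcdef HTTP/1.1" 404 295 "-" "{UA}"',
    f'192.0.2.10 - - [10/Jan/2013:10:00:03 +0800] "GET /myfolder/cache/09fe503e5898bcbc55056542d470a803 HTTP/1.1" 404 295 "-" "{UA}"',
    f'192.0.2.10 - - [10/Jan/2013:10:00:04 +0800] "GET /myfolder/index.html HTTP/1.1" 200 1024 "-" "{UA}"',
    '198.51.100.7 - - [10/Jan/2013:10:05:00 +0800] "GET /myfolder/cache/ HTTP/1.1" 404 295 "-" "curl/7.19.7"',
]

if __name__ == "__main__":
    for (host, agent), (count, distinct) in summarize_cache_404s(SAMPLE_LOG).items():
        print(f"{host} [{agent}]: {count} cache/<md5> 404s, {distinct} distinct hashes")
```

Feed it the real access_log (one line per list element) and compare against the rewrite rule above: every path the summary reports is one the rule would send to the warning page.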
Quote:
Originally Posted by newbie14
The hardening I have done is to stop using normal user name/password logins, putting the machine behind a firewall so that only port 80 is open, and requiring SSH access to the machine to go via VPN. In addition it is a minimal install of CentOS 6.3 and directory browsing has been blocked too. I have also installed mod_secure, which claims to protect the Apache server.
Now I remember who you are. You had 2 breaches of security in one year and Noway2 and I spent about 2 months getting you to re-install from scratch and configure your machine(s) last year, according to the detailed list of basic OS hardening steps we sent you. Asserting you actually completed that please provide an inventory using servdoc 1.0rc1 and a local check with Tiger 3.2.3 (attach to email and send to my address). Even though you have mod_security running (which is good) please also review the tips at http://httpd.apache.org/docs/2.4/mis...rity_tips.html and as it's often not Apache itself but what you run on top of it do run a basic Nikto 2.1.5 check.
Dear Unspawn,
Ok, I will take some time to read up on mod_rewrite as this is something new to me. Yes, you recognise me well. I am not too sure how you want me to use both; servdoc 1.0rc1 I have downloaded already. Must I install it? I will read the tips given at the Apache site, and also Nikto, which I have downloaded; so what should I do, install it?
You can run ServDoc without installing it and it only requires Perl. Commonly tarballs include files called README and INSTALL containing detailed instructions on what to do.
Dear Unspawn,
Give me some time to go through it and run it first. How about Tiger? I went to this link http://download.savannah.gnu.org/rel...tiger/?C=M;O=D . I guess I pick the latest file, right? Thank you.