I am working on a Linux server. Is there any tool with which we can block outgoing HTTP traffic based on particular keywords? For example, if we have a webpage that contains the word "creditcard", the outgoing traffic from the webserver to the end user's browser should be blocked.
Please advise...
Wow, that's a nice challenge for you: just create that program. Linux comes with lots of compilers to get this job done.
What you are proposing here is censorship. It's against the nature of Linux, where we cherish the freedom for all. Perhaps you can ask how Google do these things for the totalitarian regimes they prefer to support.
If you don't want people to retrieve that kind of information from your servers, just make sure that that kind of information was not available in the first place.
Taking measures against disclosure of sensitive information could hardly be described as censorship IMHO. While it's clear that nothing beats making sure the information isn't there to begin with, security works well when done in layers. As a side note, application layer solutions such as ModSecurity include these sorts of features:
Quote:
ModSecurity can also monitor outbound data and identify and block information disclosure issues such as leaking detailed error messages or Social Security Numbers or Credit Card Numbers.
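A sketch of the outbound inspection described in the quote above, as an added example that is not part of the original post or of the ModSecurity project's own rule sets. It assumes ModSecurity 2.x loaded in Apache; the rule ids and messages are constructed for illustration.

```apache
# Added example: ModSecurity 2.x response-body (outbound) inspection.
# Rule ids 10001/10002 and the msg texts are constructed for this example.

# The engine is off by default; enable rule processing.
SecRuleEngine On

# Response bodies are not buffered or inspected unless this is enabled.
SecResponseBodyAccess On

# Only inspect textual responses; images and downloads are skipped.
SecResponseBodyMimeType text/plain text/html

# Buffer up to 512 KB per response. Inspect the first part of larger
# responses instead of rejecting them outright.
SecResponseBodyLimit 524288
SecResponseBodyLimitAction ProcessPartial

# Keyword rule matching the thread's example: block any page whose body
# contains "creditcard" (case-insensitive via t:lowercase). Phase 4 runs
# on the buffered response body, before it is sent to the client.
SecRule RESPONSE_BODY "@contains creditcard" "id:10001,phase:4,t:none,t:lowercase,deny,status:403,log,msg:'Outbound page contains keyword creditcard'"

# Data-leak rule for the case named in the quote: block responses that
# contain a 13-16 digit sequence passing the Luhn check (@verifyCC).
SecRule RESPONSE_BODY "@verifyCC \d{13,16}" "id:10002,phase:4,t:none,deny,status:403,log,msg:'Outbound response contains a Luhn-valid card number'"
```

The keyword rule matches only the literal string in the response body, so it is one layer alongside controlling what can be uploaded and served. Buffering every response body also adds latency and memory use per request.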
OK...I guess I need to explain this.
Suppose a person has managed to upload a phishing page (e.g. for a bank) that asks users for credit card details. The phishing page has a textbox named "creditcard" (where users enter credit card details), then the server's attempt to send the page to the end user's browser should be blocked.
I hope this explains my requirement. I already have Snort installed on the server. Is this of any use in my case?
Quote:
What you are proposing here is censorship. It's against the nature of Linux, where we cherish the freedom for all.
Who is this "we?" Certainly not me and certainly not you. I bet your servers aren't open to the public. Why else would you be interested in a security forum? You employ censorship to keep people out. If you cherished the "freedom for all" your servers would have no security; everybody would have root access.
If more admins would monitor and restrict outgoing traffic there could be a lot less spam and illegal/fraudulent activity on the internet.
"The nature of Linux" is whatever someone can get it to do (or not do).
Snort can alert based on rules, so perhaps it can be used. However, the example is rather weak, and I hope you're not really basing security on it.
Because in what you stated, all someone would have to do is rename that field to something else, like "Middlename" or "phone". What you call the variable is meaningless, if you have the source code. And if you're talking about what's on the form...replace the WORDS "Credit Card #" with a small image file SAYING those words. Same thing appears onscreen...but skates right past your filter.
To me, though, a filter like this is pointless, and will only really slow down your overall web performance. If you put good security practices in place on your server, harden it up, and make sure your server is only sending pages that YOU wrote, your problem is solved. Eliminate the holes, and the threat is eliminated too. But no matter what you do, that's not going to stop someone internally at your organization from stealing the info if they want it.