Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi !!
I want to check my sites security so what I did is I ran nmap and saw some open ports now how can I check what vulnerability and exploits I can run against those open ports and see how my site or computer behaves?
LQ ain't the place to ask for exploits or URI's to exploits. We're not that kind of board.
Besides that, if it's a live site, then I would advice against testing security that way. If runnin Nessus ain't enough, and you think it necessary to run exploits, please set up a box on your private and secured LAN to toy with, or run something like UML to curb risks wrt to unpredictable behaviour. Also, what tools have you loaded/put into place to "see how your site or computer behaves"? Are you sure you'll be capturing all changes made with those? And how are those possibly vulnerable daemons configured? Running as root? Chrooted?
If you want to check if a particular version of an application is vulnerable, consult the docs (like syslog-ng mentions a few angles of attack for instance), your vendors security reports and/or ask on their mailinglists/boards/NG's, look in the CVE database, or any respectable security site.
If you're willing to post a list in the form of name+version+release I'm sure we could help find out if these are vulnerable.
can u please explain to me some words that u used ? uml,curb,chrooted cve.
so where can I find exploits? LQ is not the place to ask for exploits or URI's to exploits. We're not that kind of board. (This also means members shouldn't post URI's here.)
Originally posted by h1tman cant secure it if your not testing it against exploits.
Apparently your not understanding what unSpawn and markus1982 are trying to make aware here on this thread and question.
Do not encourage exploiting on this site please, like we mentioned before, we don't do that here. There are better and more helpful ways to educate others on securing their Linux machines other than exploiting.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.