> Well that is a tall order because it depends on a lot of veriable, i.e. > what version of ssh, what kind of MTA (sendmail, postfix, etc.) and what > version, what kind and version of a web server. You are probably running > apache (I am not going to check) for your web server. You could start by > looking at web pages for the particular servers you are running. These > pages, for example, apache or sendmail, will tell you about possible > exploits and updates. > > In general, you might want to look at http://www.snort.org. They have a > lot of links for the kind of stuff you might want to be aware of, and > the have one hell of a nice program for monitoring all packets coming at > these open ports called snort. I think I saw some package MDK 8.2 is > coming with, something called prelude. I am a confirmed user of snort > but prelude, and their home page should help also. >
I've been playing around with the kernel sources shipped with Mandrake 8.2. In it I noticed a lot of new experimental security features that can prevent certain attacks. Many recent exploits have been related to buffer overflows and allowing an elevated process to run code from other memory pages. There was one particular config that would help prevent this. Over the next couple weeks I'm going to try installing some of the kernel security features and then testing broken applications and servers to see if damage is minimized.
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
