On 4/8/07, Orr Dunkelman <[EMAIL PROTECTED]> wrote:
You will also need to install everything from scratch (and I suggest you init. your bios as well).
Flashing your BIOS for no real need (and the attack you're talking about is purely theoretical) is asking for trouble. While it's fun to play the "how can you totally 0wn a server?" mental game, let's stick to what's really done in real-life attacks.
Try running them (including the web server itself) in chroot.
Alternatively, at least consider limiting Apache a bit:

1) Run it with an SELinux policy (FC3 and upwards supports SELinux; not sure about FC2).

2) Limit, with iptables uid-owner/gid-owner rules, the network sites which Apache can initiate a connection to. While this will add a maintenance overhead for web apps which pull data from remote servers, it'll also break many common attacks, e.g.:

- some pre-made attack scripts rely on making, say, your broken PHP webapp download the full-fledged backdoor program from a remote server owned by the attacker;
- one reason to attack might be to set up a spam zombie; by refusing outgoing traffic, it couldn't contact port 25 on other machines.

Depending on your web apps, those limitations might be an unacceptable overhead. Or you might flex them a bit, e.g. choose to always allow port 80 but not other ports. Also, they don't aim to give hermetic security, just to cripple your environment just enough to frustrate an attacker or make your machine useless for his needs.
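A worked version of point 2), added here as an example and not part of the original thread: a small POSIX sh script that generates the iptables OUTPUT rules confining the Apache user's outbound connections to an allow-list of TCP ports. It assumes Apache runs as the user "apache" (the Fedora default) and that the iptables "owner" module is available; the function names are my own.

```shell
# Added example: generate iptables OUTPUT rules that confine outbound
# connections opened by the Apache uid.  The commands are printed so they can
# be reviewed first; "sh this_script.sh apply" runs them (needs root).
# Assumptions: Apache runs as user "apache"; iptables has the owner module.

# usage: apache_egress_rules <apache-user> <allowed-tcp-port>...
apache_egress_rules() {
    user="$1"; shift
    # Reply packets of connections that clients opened TO the web server are
    # also locally generated and owned by the Apache uid.  Accept them first,
    # otherwise the owner-based reject below stops Apache answering requests.
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Loopback stays open so a local resolver, database or cache keeps working.
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # Allow-list: only NEW TCP connections to the listed ports (e.g. 80 443).
    for port in "$@"; do
        echo "iptables -A OUTPUT -m owner --uid-owner $user -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else Apache tries to open (port 25 for spamming, fetching a
    # second-stage backdoor, ...) is logged (rate-limited) and then rejected.
    echo "iptables -A OUTPUT -m owner --uid-owner $user -m limit --limit 5/minute -j LOG --log-prefix \"apache-egress-deny: \""
    echo "iptables -A OUTPUT -m owner --uid-owner $user -j REJECT --reject-with icmp-port-unreachable"
}

# Self-check: the generated set must accept a listed port, never mention
# port 25, and end with a uid-owner REJECT.  Returns 0 when all hold.
egress_rules_check() {
    rules=$(apache_egress_rules apache 80 443)
    echo "$rules" | grep -q -- '--dport 80 .* -j ACCEPT' || return 1
    echo "$rules" | grep -q -- '--dport 25' && return 1
    echo "$rules" | grep -q -- '--uid-owner apache -j REJECT' || return 1
    return 0
}

# Apply only when explicitly asked; plain invocation just defines functions.
if [ "${1:-}" = "apply" ]; then
    apache_egress_rules apache 80 443 | sh
fi
```

Review the printed rules with `sh this_script.sh` redirected to a file before applying; the LOG line gives you a kernel-log trail (prefix "apache-egress-deny:") of every blocked attempt, which is the detection side of the same control.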
