Administration
  Home arrow Administration arrow Page 5 - Webserver Security (Part I)
Dev Shed Forums  
Administration  
AJAX  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Smartphone Development  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Mobile Linux  
App Generation ROI  
IBM® developerWorks  
Forums Sitemap  
E-Commerce Hosting  
Linux Web Hosting  
Managed Hosting  
Small Business Hosting  
VPS Hosting  
Weekly Newsletter

 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid  
Request Media Kit
Contact Us  
Site Map  
Privacy Policy  
Support  
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
Google.com  
ADMINISTRATION

Webserver Security (Part I)
By: Kristian Kohntopp
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: starstarstarstarstar / 2
    2000-04-19


    Table of Contents:
  • Webserver Security (Part I)
  • The server offers services it was not intended to
  • Dumping a zone using nslookup
  • Other Helpful Tools
  • rpcinfo query to www.example.server
  • Remote SNMP queries
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      error-file:tidyout.log Del.ici.ous error-file:tidyout.log Digg
      error-file:tidyout.log Blink error-file:tidyout.log Simpy
      error-file:tidyout.log Google error-file:tidyout.log Spurl
      error-file:tidyout.log Y! MyWeb error-file:tidyout.log Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article

    		 
     
    ADVERTISEMENT

    Webserver Security (Part I) - rpcinfo query to www.example.server
    ( Page 5 of 6 )

    Using rpcinfo and showmount (Linux: also kshowmount in some installations) you may query which services the sunrpc service of your machine offers. If NFS is running, it is possible to get a list of exported filesystems from the server. 
    # rpcinfo -p www.example.server
   program vers proto   port
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    As can be seen, the sunrpc service of www.example.server is talking to external machines like ours. This is unnecessary and can be blocked by installing a rpcbind program with access control or by configuring the firewall.

    Because the NFS defaults are as braindead as the behaviour of NFS in case of syntax errors in the configuration file, it is a very common error to export filesystems completely unprotected and world writeable. Here a particularly severe case: 
    # /usr/sbin/kshowmount -e center2.sample-university.net
Export list for center2.sample-university.net:
/usr/lib/cobol       (everyone)
/usr/sys/inst.images (everyone)
/stadtinf            (everyone)
/var/spool/mail      (everyone)
/usr/lpp/info        (everyone)
/usr/local           (everyone)
/pd-software         (everyone)
/u1                  (everyone)
/user                (everyone)
/fix                 (everyone)
/u                   (everyone)
/ora                 rzws01
/install             (everyone)
/ora-client          192.168.15.20
    All directories listed as "everyone" are wide open. This includes "/var/spool/mail", containing life mail from several hundred users as well their homes under "/u" and "/u1". Also writeable are "/usr/local" and "/usr/lib/cobol", making is very easy to install trojans. This system can be taken by anyone without noticeable resistance. By manipulating software under "/install", you will probably subvert additional clients produced from the images stored in this tree. This particular system will make a fine base to trade warez and is an ideal system to launch attacks against other sites. Does their insurance company cover the damages which will follow? Does yours?



    Discuss Webserver Security (Part I)
     
    >>> Be the FIRST to comment on this article!
     


     
     
    >>> More Administration Articles          >>> More By Kristian Kohntopp
     

       

    ADMINISTRATION ARTICLES

    - Network Booting via PXE: the Basics
    - Scalix: Linux Administrator`s Guide
    - Network Administration with FreeBSD 7
    - Components of an Information Architecture
    - The Anatomy of an Information Architecture
    - Configuring Load-Balanced Clusters
    - Load-Balanced Clusters
    - UNIX Time Format Demystified
    - Making Changes in the CVS
    - Building Your First CVS Repository
    - CVS Quickstart Guide
    - Authorizing Users in Samba
    - Handling User Accounts in Samba
    - Authentication in Samba
    - Accounts, Authentication, and Authorization
    Find More Administration Articles




    © 2003-2009 by Developer Shed. All rights reserved. DS Cluster 4 Hosted by Hostway
    For more Enterprise Application Development news, visit eWeek