nixCraft Linux Forum

nixCraft

Linux Tech Support Forum

How to Prevent Uploading Perl Scripts in /tmp Directory

This is a discussion on How to Prevent Uploading Perl Scripts in /tmp Directory within the Web servers forums, part of the Mastering Servers category; Dear List, I had implemented Mod Security 1.9 in a Debian 3 Server. My Apache Version is 1.3, and log ...


Go Back   nixCraft Linux Forum > Mastering Servers > Web servers

How to Prevent Uploading Perl Scripts in /tmp Directory How to Prevent Uploading Perl Scripts in /tmp Directory

Register FAQ Members List Calendar Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 06-22-2007, 05:11 PM
Junior Member
User
  
Join Date: Nov 2006
Posts: 3
Rep Power: 0
bipinkdas
Question How to Prevent Uploading Perl Scripts in /tmp Directory
Dear List,

I had implemented Mod Security 1.9 in a Debian 3 Server. My Apache Version is 1.3, and log says that its working fine. I had secured my /tmp /var/tmp /dev/shm directories. And umounted in /etc/fstab. But Yesterday,one attacker had upload a perl script into my /tmp directory.
Please let me know which SecFilter rule should I add to prevent a intruder to uploading Perl/Sh/Chsh scripts into the /tmp directories.

Thanks in Advance.
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 06-25-2007, 08:57 PM
monk's Avatar
Senior Member
User
  
Join Date: Jan 2005
Location: Tibet
My distro: Debian GNU/Linux
Posts: 481
Rep Power: 5
monk will become famous soon enough monk will become famous soon enough
Default
The best way to avoid /tmp upload is mount tmp on its own partition and setup noexec mount flag. Also make sure you run susexe for PHP.

Ultimate solution is install mod_security for Apache and chroot jail (it may not not work with CP such as Plesk)

Hope this helps
__________________
May the force with you!
Reply With Quote
Reply

Bookmarks

« LAMP set up | Redirect + Rewrite Problem in Lighttpd »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads

Thread Thread Starter Forum Replies Last Post
Prevent users from storing data into local hdd bubloob_13 Windows Xp/2000/2003 server administration 0 11-16-2007 04:41 PM
How do I prevent the normal users creating alphabetic password saro_113 Shell scripting 2 08-30-2007 10:34 AM
Prevent root user from being able to log in via SSH service' swillet HP-UX 2 07-17-2007 07:33 PM
Linux prevent the reuse of old passwords chimu Linux software 3 05-14-2007 05:49 PM
script for uploading files to a FTP server marinm Shell scripting 7 01-02-2006 07:35 PM


All times are GMT +5.5. The time now is 05:32 AM.

Contact Us - Linux answers from nixCraft - Archive - Top

Powered by vBulletin® Version 3.7.2 - Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.2.0

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36