Posted to docs@httpd.apache.org by Thomas Sjögren <th...@northernsecurity.net> on 2002/07/11 17:34:51 UTC

[PATCH] security_tips.html

I updated the Security Tips page with some information about the 
importance of watching the logs.

Ps. Sorry for sending the wrong type of patch format last time.

Index: ./httpd-docs-2.0/manual/misc/security_tips.html
===================================================================
RCS file: 
/home/cvspublic/httpd-2.0/docs/manual/misc/security_tips.html,v
retrieving revision 1.28
diff -u -r1.28 security_tips.html
--- ./httpd-docs-2.0/manual/misc/security_tips.html     19 Jan 2002 
17:44:08 -0000      1.28
+++ ./httpd-docs-2.0/manual/misc/security_tips.html     11 Jul 2002 
15:26:58 -0000
@@ -31,6 +31,8 @@
 
       <li><a href="#protectserverfiles">Protect Server Files by
       Default</a></li>
+
+      <li><a href="#watchyourlogs">Watching Your Logs</a></li>
     </ul>
     <hr />
 
@@ -278,6 +280,30 @@
     </dl>
     <hr />
 
+    <h2><a id="watchyourlogs" name="watchyourlogs">
+    Watching Your Logs</a></h2>
+
+    <p>To keep up-to-date with what is actually going on against your 
server
+    you have to check the <a href="../logs.html">Log Files</a>.
+    Even though the log files only reports what has already happend, 
they will give
+    you some understanding of what attacks is thrown against the server
+    and allows you to check if the necessary level of security is 
present on your server.</p>
+
+    <p>A couple of examples:</p>
+   <ol>
+   <li><samp>grep -c "/jsp/source.jsp?/jsp/ /jsp/source.jsp??" 
access_log</samp></li>
+   <li><samp>grep "client denied" error_log | tail -n 10 </samp></li>
+    </ol>
+
+   <p>The first example will list the number of attacks trying to 
exploit the
+   <a href="http://online.securityfocus.com/bid/4876/info/">Apache 
Tomcat Source.JSP  Malformed
+   Request Information Disclosure Vulnerability</a>, the second 
example will list the ten last denied clients, for example:</p>
+
+  <dl>
+  <dd><samp>[Thu Jul 11 17:18:39 2002] [error] [client foo.bar.com] 
client denied by server configuration: 
/usr/local/apache/htdocs/.htpasswd</samp></dd>
+  </dl>
+
+   <hr />
     <p>Please send any other useful security tips to The Apache
     Group by filling out a <a href="http://bugs.apache.org/">
     problem report</a>. If you are confident you have found a
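Review bot: In the first <samp> example the quoted grep argument is a single pattern with a space in the middle, so it matches only a log line containing that whole string, and the two request forms are not counted separately as written. If two forms were intended, give each its own -e option, e.g. grep -c -e "/jsp/source.jsp?/jsp/" -e "/jsp/source.jsp??" access_log. Note also that -c counts matching lines, so the explanatory paragraph should say "number of requests" rather than "number of attacks", and that tail -n 10 returns the last ten "client denied" lines, which may all come from one client, not "the ten last denied clients". The new text needs a proofread ("only reports", "happend", "what attacks is thrown", "allows"), and the indentation of the added lines varies between two, three and four spaces, unlike the four-space context lines.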
@@ -288,4 +314,5 @@
     <p><!--#include virtual="footer.html" --></p>
   </body>
 </html>
+
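Review bot: The blank line added after </html> at the end of the file is unrelated to the new section and should be dropped from the patch, so that the change touches only the table of contents and the added "Watching Your Logs" section.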

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Re: [PATCH] security_tips.html

Posted by Thomas Sjögren <th...@northernsecurity.net>.
On Thursday 11 July 2002 20:52, Joshua Slive wrote:
> The format's good this time, except that your mailer wrapped the long
> lines, which makes the patch unapplyable.  

So much for word wrap standards :/
The file is attached in text/plain format.

/Thomas



Re: [PATCH] security_tips.html

Posted by Joshua Slive <jo...@slive.ca>.
On Thu, 11 Jul 2002, Thomas Sjögren wrote:

> I updated the Security Tips page with some information about the
> importance of watching the logs.
>
> Ps. Sorry for sending the wrong type of patch format last time.

The format's good this time, except that your mailer wrapped the long
lines, which makes the patch unapplyable.  Could you see if you can fix
that and resend.  (You can try sending it as an attachment, but make sure
that the attachment gets the mime-type text/plain.)

Joshua.

