Diff: AdvancedSecurityNotes

Differences between current version and previous revision of AdvancedSecurityNotes.


Newer page: version 3 Last edited on Wednesday, September 17, 2003 11:55:40 am by PerryLorier
Older page: version 2 Last edited on Wednesday, September 17, 2003 11:53:10 am by PerryLorier
@@ -20,4 +20,6 @@
  
 use iptables(8) uid matching to disallow outgoing connections from system accounts. This prevents exploits from downloading more stuff (such as a local root exploit to get root) and is usually a very good indicator that your box is compromised and can be used to generate automatic notifications. 
  iptables --insert OUTPUT --jump DROP -m state --state NEW --uid-owner www-data 
 (note, check the above line, I've not tested it, although I've used the principle before). 
+  
+Remember to allow system accounts access to things such as SMTP on the local machine, and DNS if they require them. If you're running web mail, you'll also need access from the web server to imap for instance.
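
Review bot: The added paragraph at the end of the hunk says to allow SMTP, DNS and IMAP for system accounts but not where those exceptions have to sit relative to the DROP. The rule above it uses `--insert OUTPUT`, which puts the DROP at the head of the chain, so an ACCEPT added afterwards with `--append` would never be reached. Suggest stating that the ACCEPT rules for each needed service must end up ahead of the DROP (or that the DROP be appended after them), and that each exception be scoped to the same account and a specific destination and port, for example loopback only for local SMTP. While this text is being touched, the context rule uses `--uid-owner` without `-m owner`, which iptables needs in order to load the owner match; since the line is flagged as untested, it is worth correcting to `-m owner --uid-owner www-data`.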