Cham911
Sep 11 2008, 08:25 PM
Hey everyone,
Sorry for the noob question. I seem to have someone using Apache to put perl scripts in my /tmp directory. I've made the tmp noexec as of a couple days ago, but would really like to find the offending script, or place where they are exploiting.
Any suggestions on where to start would be helpful.
Thank you
dynamicnet
Sep 12 2008, 02:14 PM
Greetings:
The hardening of tmp can be bypassed.
I do recommend checking the Apache logs (access / transfer) to see if you are hosting a particular site that has insecure perl/CGI or PHP code allowing such uploads.
Thank you.
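One way to do the log check suggested above, as an added example that is not part of the original posts: take the timestamp of a file dropped in /tmp and list the access-log requests that arrived just before it. The log lines, the script paths and the drop time are constructed sample data, and the 120-second window is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone

# Apache common/combined prefix: host ident user [time] "METHOD path proto" status
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # %z keeps the log's UTC offset, so comparisons are timezone-aware.
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def requests_before_drop(log_lines, drop_time, window_s=120):
    """Requests logged in the window_s seconds before a file appeared in /tmp.
    drop_time is that file's timezone-aware timestamp. POSTs sort first
    (uploads through a web script are normally POSTs), then nearest in time."""
    start = drop_time - timedelta(seconds=window_s)
    hits = [r for r in map(parse_line, log_lines)
            if r and start <= r["time"] <= drop_time]
    return sorted(hits, key=lambda r: (r["method"] != "POST",
                                       drop_time - r["time"]))

# Constructed sample data (documentation IP ranges, hypothetical script paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Sep/2008:19:58:02 -0400] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [11/Sep/2008:20:03:41 -0400] "GET /gallery/view.php?id=4 HTTP/1.1" 200 812',
    '198.51.100.7 - - [11/Sep/2008:20:04:10 -0400] "POST /cgi-bin/upload.pl HTTP/1.1" 200 96',
    '192.0.2.10 - - [11/Sep/2008:20:09:30 -0400] "GET /about.html HTTP/1.1" 200 2048',
]
# On a real host, build this from os.stat(path).st_mtime with
# datetime.fromtimestamp(mtime, tz=timezone.utc); mtime can be altered by
# whoever wrote the file, so compare it against st_ctime as well.
SAMPLE_DROP = datetime(2008, 9, 11, 20, 4, 12,
                       tzinfo=timezone(timedelta(hours=-4)))

if __name__ == "__main__":
    for r in requests_before_drop(SAMPLE_LOG, SAMPLE_DROP):
        print(r["ts"], r["host"], r["method"], r["path"], r["status"])
```

With several virtual hosts, run it over each site's access log; the site whose script shows up at the top for every dropped file is the one to audit first.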
GatorZach
Sep 12 2008, 02:54 PM
Little trick I used to do is to replace /usr/local/bin/perl with a script that logged to a file instead of executing perl code.
You might want to look at perlsec too.