From owner-freebsd-security Sat Jun 22 15:59:26 2002 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [63.229.157.2]) by hub.freebsd.org (Postfix) with ESMTP id B156F37B401 for ; Sat, 22 Jun 2002 15:59:16 -0700 (PDT) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id QAA07468; Sat, 22 Jun 2002 16:58:55 -0600 (MDT) X-message-flag: Warning! Use of Microsoft Outlook is dangerous and makes your system susceptible to Internet worms. Message-Id: <4.3.2.7.2.20020622165052.02209380@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Sat, 22 Jun 2002 16:57:36 -0600 To: , From: Brett Glass Subject: Re: Apache FreeBSD exploit released Cc: In-Reply-To: <3177.66.171.47.179.1024786088.squirrel@webmail.allneo.com> References: <20020622125713.547c2546.kzaraska@student.uci.agh.edu.pl> <20020622125713.547c2546.kzaraska@student.uci.agh.edu.pl> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 04:48 PM 6/22/2002, jps@funeralexchange.com wrote: >Anyone know of any ports or tools i could use on my servers to watch out >for something like this? You can probably use some of the ideas I presented at the January BSDCon. Either the Apache SetEnvIf regexes or the SNOBOL log monitor will work for this one. See http://www.brettglass.com/logmonitors/paper.html for more. --Brett P.S. -- I'm still working on the replacement logging system mentioned in that paper. It has an entirely new architecture; the hard part has been backward compatibility with older Unices and with programs that expect to communicate with syslogd. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message