How many... Post: 5391

Sponsored Content

Special Forums Cybersecurity How many... Post 5391 by LivinFree on Tuesday 14th of August 2001 04:50:20 AM

08-14-2001

Registered User

How many...

How many of these folks posting on here (newbies - trying to get their first Unix-like box online) do you think have taken the time to learn the ins-and-outs of tcp_wrappers, or inetd, or even simple init-scripts? Maybe I'm overreacting here, but since I've spent my time on "the other side of the wall" with security, that really concerns me.

I think new readers should check out this simple wake-up call, and at least learn how to turn off all services - turn them on again when you know what to do with them.
http://machineofthemonth.org/articles/a71/index.html
A poster recently touched upon the honeynet project - remote root access within 15 minutes on a default Redhat install (sure, it was 6.2, but 7.x isn't all that different).

How can we get word out about this without sounding like preachers? I would just hate to see someone's great new Unix-experiance muddled with the bitter taste of a cracking attack.

Any ideas?

-LivinFree

LivinFree

View Public Profile for LivinFree

Find all posts by LivinFree

LEARN ABOUT DEBIAN

micro-httpd

micro-httpd(8)							   User Commands						    micro-httpd(8)

NAME

       micro-httpd - really small HTTP server

SYNOPSIS

	 micro-httpd DIRECTORY

OPTIONS

       None.

DESCRIPTION

       micro-httpd is a very small HTTP server all in 150 lines of code. It runs from inetd, which means its performance is poor. But for low-
       traffic sites, it is quite adequate. It implements all the basic features of an HTTP server, including:

	   *  Security against ".." filename snooping.
	   *  The common MIME types.
	   *  Trailing-slash redirection.
	   *  index.html
	   *  Directory listings.

       To install it, add a line like this to /etc/inetd.conf:

	   micro-http  stream tcp nowait nobody 
	      /usr/sbin/micro-httpd micro-httpd dir

       Make sure the path to the executable is correct, and change "dir" to be the directory you want to serve. You could add line like this to
       /etc/services:

	   micro-http	port/tcp   #Micro HTTP server

       Change "port" to the port number you want to use: 80, 8000, whatever.  Restart inetd by sending it a "HUP" signal.

       On some systems, inetd has a maximum spawn rate - if you try to run inetd services faster than a certain number of times per minute, it
       assumed there is either a bug of an attack going on and it shuts down for a few minutes. If you run into this problem - look for syslog
       messages about too-rapid looping - you will need to find out how to increase the limit. Unfortunately this varies from OS to OS. On
       FreeBSD, you add a "-R 10000" flag to inetd's initial command line. On some Linux systems, you can set the limit on a per-service basis in
       inetd.conf, by changing "nowait" to "nowait.10000".

       Note that you can use micro-httpd to serve HTTPS, if you like, by running it from stunnel. First fetch and install stunnel - FreeBSD users
       can just go to /usr/ports/security/stunnel and do a "make cert ; make install". Then as root run:

	   stunnel -p /usr/local/certs/stunnel.pem -d 443 -l 
	      /usr/sbin/micro-httpd --	micro-httpd dir

       Make sure the paths to the certificate and executable are correct, and again don not forget to change "dir" to the directory you want to
       serve.

ENVIRONMENT

       None.

FILES

       None.

SEE ALSO

       inetd(8) micro-inetd(8) xinetd(8)

AUTHORS

       Copyright (C) 1999 Jef Poskanzer <jef@mail.acme.com>. All rights reserved.

       This manual page was updated by Jari Aalto <jari.aalto@cante.net>.  Released under license GNU GPL v2 or (at your option) any later
       version. For more information about license, visit <http://www.gnu.org/copyleft/gpl.html>.

micro-httpd							    2012-04-03							    micro-httpd(8)