Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid

Comment on

( #3333=superdoc: print w/replies, xml ) Need Help??

merlyn started an excellent thread on writing secure Perl code here.

Two things that really ought to be considered when securing a box:

  1. Follow your software. You don't necessarily have to follow BUGTRAQ (although it's a damn good idea), but if you don't at least check for security patches every week for your OS and daemons, you're in trouble. The Code Red worm proliferated as widely and as quickly as it did mostly because systems weren't being patched to close the hole it exploited.

    Of course, very few of us have the time to constantly monitor software for available patches and upgrades, evaluate any patches that come along, and install the useful ones in a timely manner. That's where our favourite system-administration language (no, not ksh!) comes along. Some clever work with Mail::Audit can pull interesting-looking BUGTRAQ messages out of the noise for your attention, and a weekly cron job to check the status of your favourite packages from the FreeBSD Ports tree (or Freshmeat, or whatever) can at least spare you the burden of remembering to do it by hand. (When I get a few dozen round tuits, I'll finish and post my stuff.)

  2. If you're running an MTA, ferglubsakes make sure that your box isn't an open relay. Open relay abuse isn't as sexy a computer crime as your bog-standard remote root exploit (or VBscript worm), but it is an attack: someone's using your box without your authorization to do (very impolite) things you didn't intend it to do. Make sure your MTA's locked down, and nobody's going to have to blacklist you.

Update: Oh, and flame, flame for using the deprecated sense of hacker.

Update 2: So merlyn didn't provide any concrete, spelled-out "this is a common problem, this is how you solve it" examples in that node, but IMAO the "design for security" mindset is at least an order of magnitude more important than a cookbook approach based on checking off a list of common vulnerabilities. That said, the thread as a whole is more useful than merlyn's node taken by itself -- not the least thanks to cjf's response -- so I've changed the wording a bit.

The hell with paco, vote for Erudil!

In reply to Re: Security matters: keep thy doors closed! by FoxtrotUniform
in thread Security matters: keep thy doors closed! by vladb

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    [Discipulus]: genial! one day I' also understand it.. ;=)

    How do I use this? | Other CB clients
    Other Users?
    Others imbibing at the Monastery: (9)
    As of 2018-03-23 19:40 GMT
    Find Nodes?
      Voting Booth?
      When I think of a mole I think of:

      Results (296 votes). Check out past polls.