[LON-CAPA-admin] final update on LON-CAPA and linux.slapper.worm
Scott Harrison
sharrison at users.sourceforge.net
Tue Sep 17 15:36:19 EDT 2002
Dear All:
Closure.
1. linux.slapper.worm was released onto the world on September 13, 2002.
http://www.f-secure.com/v-descs/slapper.shtml
2. This can only infect apache web servers that are running SSL.
3. The LON-CAPA server that was infected with linux.slapper.worm
was running SSL.
4. Most LON-CAPA servers do not run SSL by default.
THEREFORE YOU PROBABLY HAVE NOTHING TO IMMEDIATELY WORRY ABOUT.
To check this,
cd /etc/httpd/conf; grep '^[[:space:]]*SSL' *.conf
If you see nothing, you are okay.
5. All of RedHat's SSL RPMs (even the up-to-date ones) are insecure
and vulnerable to linux.slapper.worm.
6. If you believe, in principle, that security should involve BOTH a
solid configuration PLUS secure software packages, you could
check out the following sites:
(Generally, PLD and Mandrake RPMs work okay on RedHat systems....)
ftp://ftp.rpmfind.net/linux/PLD/test/i386/openssl-0.9.6f-1.i386.rpm
ftp://ftp.rpmfind.net/linux/PLD/test/i686/openssl-0.9.6f-1.i686.rpm
ftp://ftp.rpmfind.net/linux/Mandrake-devel/cooker/i586/Mandrake/RPMS/openssl-0.9.6g-1mdk.i586.rpm
and, for extra credit, we might convince Martin to build a new RPM from
http://www.openssl.org/source/
7. I would expect RedHat to release secure openssl packages within
the next week.
.
.
.
How the LON-CAPA source code is changing to make these issues better
in the long run:
8. Based on code changes done last week, CHECKRPMS is set up to
automatically e-mail administrators (as defined in
/etc/httpd/conf/loncapa.conf) every day in case of RPMs being
out-of-date.
9. Now...if only there were some way to convince RedHat to religiously
update all their RPMs with security patches, the solution in #8 would be
complete.
Regards,
Scott
--
Scott Harrison, sharrison at users.sourceforge.net
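The one-liner in point 4 is the whole check, and a slightly more careful version of it is shown below. This is an added example, not code from the message above or from the LON-CAPA project: it scans every *.conf in a directory the way the original grep does, but also ignores case (Apache directives are case-insensitive), treats a "Listen 443" line as SSL-related, and skips commented-out lines. The function names, the companion port check (which assumes ss or netstat is installed), and the sample config files are all mine; only the /etc/httpd/conf path comes from the message.

```shell
#!/bin/sh
# Added example, not code from the original message or from LON-CAPA.
# A more careful form of the check in point 4: scan every *.conf under
# a directory for an uncommented SSL* directive or a "Listen 443",
# ignoring indentation, case and comment lines.

# Print matching lines (file:line) and return grep's status:
# 0 = something SSL-related is configured, 1 = nothing found.
ssl_configured() {
    dir="$1"
    # -i: Apache directives are case-insensitive.  -H: always show the file.
    # The leading "^[[:space:]]*" means a '#' anywhere before the directive
    # disqualifies the line, so commented-out lines do not count.
    grep -iHE \
        '^[[:space:]]*(SSL[A-Za-z]*|Listen[[:space:]]+([0-9.]+:)?443)([[:space:]]|$)' \
        "$dir"/*.conf 2>/dev/null
}

# One-word verdict for scripts and tests.
ssl_status() {
    if ssl_configured "$1" >/dev/null; then
        echo "SSL-CONFIGURED"
    else
        echo "NO-SSL"
    fi
}

# Companion runtime check (assumption: ss or netstat is present).  A
# directive inside <IfDefine HAVE_SSL> only takes effect when httpd is
# started with -DHAVE_SSL, so an actual listener on 443 is the decisive
# signal when the config grep alone is ambiguous.
ssl_port_listening() {
    { ss -tln 2>/dev/null || netstat -tln 2>/dev/null; } \
        | grep -q '[:.]443[[:space:]]'
}

# Stand-alone use: sh check_ssl.sh /etc/httpd/conf
if [ $# -gt 0 ]; then
    ssl_configured "$1"
    ssl_status "$1"
    if ssl_port_listening; then
        echo "PORT-443-LISTENING"
    fi
fi
```

The grep is deliberately conservative: any SSL* directive counts, including "SSLEngine off", because the point of the check is to find out whether mod_ssl is wired in at all, not whether it is currently switched on. A "NO-SSL" verdict plus no listener on 443 is the combination that corresponds to "If you see nothing, you are okay" in the message.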