[LON-CAPA-dev] final update on LON-CAPA and linux.slapper.worm
Tue, 17 Sep 2002 15:36:19 -0400
1. linux.slapper.worm was released onto the world on September 13, 2002.
2. This can only infect Apache web servers that are running SSL.
3. The LON-CAPA server that was infected with linux.slapper.worm
was running SSL.
4. Most LON-CAPA servers do not run SSL by default.
THEREFORE YOU PROBABLY HAVE NOTHING TO IMMEDIATELY WORRY ABOUT.
To check this,
    cd /etc/httpd/conf; grep '^[[:space:]]*SSL' *.conf
If you see nothing, you are okay.
5. All of RedHat's SSL RPMs (even the up-to-date ones) are insecure
and vulnerable to linux.slapper.worm.
6. If you believe, in principle, that security should involve BOTH a
solid configuration PLUS secure software packages, you could
check out the following sites:
(Generally, PLD and Mandrake RPMs work okay on RedHat systems....)
and, for extra credit, we might convince Martin to build a new RPM from
7. I would expect RedHat to release secure openssl packages within
the next week.
How the LON-CAPA source code is changing to make these issues better
in the long run:
8. Based on code changes done last week, CHECKRPMS is set up to
automatically e-mail administrators (as defined in
/etc/httpd/conf/loncapa.conf) every day in case of RPMs being
9. Now...if only there were some way to convince RedHat to religiously
update all their RPMs with security patches, the solution in #8 would be
Scott Harrison, email@example.com
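
A broader form of the check in item 4, as an added example that is not part of the original message or of LON-CAPA: it searches subdirectories, ignores case (Apache directive names are case-insensitive), and also reports LoadModule/AddModule lines that pull in mod_ssl. The function names are hypothetical, and a hit inside an <IfDefine> block may not be active, so treat any output as a reason to look closer.

```sh
#!/bin/sh
# Added example: list uncommented SSL-related lines under an Apache config dir.
# Usage (after sourcing this file):
#   ssl_configured /etc/httpd/conf && echo "SSL lines present, review them"

# find_ssl_lines DIR
#   Prints "file:lineno:text" for every active (not commented out) line that
#   starts with an SSL* directive or loads mod_ssl. Returns 2 if DIR is missing,
#   so a mistyped path is never mistaken for "no SSL configured".
find_ssl_lines() {
    dir=${1:-/etc/httpd/conf}
    if [ ! -d "$dir" ]; then
        echo "find_ssl_lines: no such directory: $dir" >&2
        return 2
    fi
    # -i  directive names are case-insensitive in Apache
    # -n  show line numbers; /dev/null forces grep to print the file name
    # A leading '#' never matches, so commented-out lines are skipped.
    find "$dir" -type f -name '*.conf' -exec \
        grep -inE '^[[:space:]]*(SSL|(Load|Add)Module[[:space:]]+.*ssl)' \
        {} /dev/null \;
}

# ssl_configured DIR
#   Exit 0 if at least one active SSL-related line exists,
#   exit 1 if none, exit 2 if DIR could not be read.
ssl_configured() {
    out=$(find_ssl_lines "$1") || return 2
    [ -n "$out" ]
}
```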