env_audit

 


White Paper:
A Survey of Process Environments

   

Env_audit is a program that ferrets out everything it can about the process environment. It is ideal for finding security problems caused by misconfiguration or software bugs. Any program that shells out to run a command should be audited with this software by its developers. It reports all process IDs, supplemental groups, working directory and umask, process priority, signal masks, environment variables, rlimits, POSIX capabilities, and leaked file descriptors. For leaked descriptors it identifies regular files, directories, character or block devices, FIFOs/pipes, sockets, and Sun door descriptors.
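A minimal sketch of the leaked-descriptor part of such an audit, added here as an example and not taken from env_audit's source. The function names (`fd_kind`, `fd_survives_exec`, `count_inheritable`) and the 4096 scan cap are assumptions of this example, and Sun door descriptors are not covered.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Name the kind of object behind fd, or NULL if fd is not open. */
const char *fd_kind(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return NULL;                 /* EBADF: descriptor is closed */
    if (S_ISREG(st.st_mode))  return "regular file";
    if (S_ISDIR(st.st_mode))  return "directory";
    if (S_ISCHR(st.st_mode))  return "character device";
    if (S_ISBLK(st.st_mode))  return "block device";
    if (S_ISFIFO(st.st_mode)) return "fifo/pipe";
    if (S_ISSOCK(st.st_mode)) return "socket";
    return "other";
}

/* 1 if fd is open and lacks FD_CLOEXEC, so a child keeps it across exec. */
int fd_survives_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags != -1 && !(flags & FD_CLOEXEC);
}

/* Count descriptors above stderr that a child would inherit. */
int count_inheritable(int verbose)
{
    long max = sysconf(_SC_OPEN_MAX);
    int n = 0;
    if (max < 0 || max > 4096)
        max = 4096;                  /* assumption: cap the scan range */
    for (int fd = 3; fd < max; fd++) {
        if (!fd_survives_exec(fd))
            continue;
        if (verbose)
            printf("fd %d: %s\n", fd, fd_kind(fd));
        n++;
    }
    return n;
}

int main(void)
{
    printf("%d inheritable descriptor(s) above stderr\n", count_inheritable(1));
    return 0;
}
```

Run from inside a program that shells out, anything it lists above descriptor 2 was handed down by the parent; setting `FD_CLOEXEC` in the parent (or opening with `O_CLOEXEC`) removes the descriptor from the list.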

It comes with test configurations or instructions for: anacron, atd, crond, dtterm, gdb, inittab, logrotate, php, pppd, procmail, rxvt, sendmail, sshd, stunnel, su, sudo, XFree86, xinetd, and xterm. Apache tests include: mod_auth_external, mod_cgi, mod_include, mod_perl, and mod_php.

env_audit 2.0 has new features that let you perform audits that weren't possible before. It comes with a library that can be preloaded via LD_PRELOAD and intercepts all calls to popen, system, and exec. It performs an audit at each intercepted call and stores the results away in a sequentially numbered scheme. You can then run env_post to do the post-processing work and create a report over the whole run.

Here's an example of running startx with GNOME as the default manager on a Red Hat 9 system.

Download the latest copy: env_audit-2.0.tar.gz   (Dec 29, 2003)

Or download an older copy: env_audit-1.05.tar.gz (Nov 11, 2002)

 

White Paper - Abstract

I have released a white paper outlining the use of env_audit in conducting a survey of process environments of well-known public programs. It includes: Apache 2.x, php, stunnel, pppd, gdb, and xinetd among others. The paper exposes problems with these programs. Of these, the problems in Apache 2.x are the worst and in need of attention. If you use any of the above-mentioned programs, you should read the report!

environments.pdf (~300k, Nov 20, 2002)

This page was last updated: 09 August, 2004