xinetd Services & security errata
Services controlled by the xinetd super service only run when a there is an active connection. Examples of services controlled by xinetd include Telnet, IMAP, and POP3.
Because new instances of these services are launched by xinetd each time a new request is received, connections that occur after an upgrade are handled by the updated software. However, if there are active connections at the time the xinetd controlled service is upgraded, they are serviced by the older version of the software.
To kill off older instances of a particular xinetd controlled service, upgrade the package for the service then halt all processes currently running. To determine if the process is running, use the ps command and then use the kill or killall command to halt current instances of the service.
For example, if security errata imap packages are released, upgrade the packages, then type the following command as root into a shell prompt:
This command returns all active IMAP sessions. Individual sessions can then be terminated by issuing the following command:
If this fails to terminate the session, use the following command instead:
Tags: errata, Security, Services, xinetd
SysV Services In Redhat
SysV services are persistent server programs launched during the boot process. Examples of SysV services include sshd, vsftpd, and xinetd.
Because these programs usually persist in memory as long as the machine is booted, each updated SysV service must be halted and relaunched after the package is upgraded. This can be done using the Services Configuration Tool or by logging into a root shell prompt and issuing the /sbin/service command as in the following example:
/sbin/service [ service-name ] restart
/sbin/service ssh restart
In the above example, replace with the name of the service, such as sshd.
Tags: redhat, Services, SysV
IP Spoofing
A remote machine acts as a node on your local network, finds vulnerabilities with your servers, and installs a backdoor program or trojan horse to gain control over your network resources.
Spoofing is quite difficult as it involves the attacker predicting TCP/IP sequence numbers to coordinate a connection to target systems, but several tools are available to assist crackers in performing such a vulnerability.
Depends on target system running services (such as rsh, telnet, FTP and others) that use source-based authentication techniques, which are not recommended when compared to PKI or other forms of encrypted authentication used in ssh or SSL/TLS.
Tags: IP, spoofing
Shared Libraries
Shared libraries are units of code, such as glibc, which are used by a number of applications and services.
Applications utilizing a shared library typically load the shared code when the application is initialized, so any applications using the updated library must be halted and relaunched.
To determine which running applications link against a particular library, use the lsof command as in the following example:
This command returns a list of all the running programs which use TCP wrappers for host access control. Therefore, any program listed must be halted and relaunched if the tcp_wrappers package is updated.
Tags: Libraries, Shared
How to list all the loaded modules in apache
We can use the following command to list all the loaded modules in apache (both DSO and Static)
This example is from a debian box using apache2.
host ~:
apache2ctl -t -D DUMP_MODULES
Loaded Modules:
core_module (static)
log_config_module (static)
logio_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
alias_module (shared)
auth_basic_module (shared)
authn_file_module (shared)
authz_default_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cgi_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
mime_module (shared)
negotiation_module (shared)
php5_module (shared)
setenvif_module (shared)
status_module (shared)
Syntax OK
Tags: Apache, list, loaded, Modules
