local security scanner for vulnerable common opensource www
projects
Mel Flynn
mel.flynn+fbsd.questions at mailing.thruhere.net
Tue May 5 18:10:29 UTC 2009
On Saturday 02 May 2009 14:50:14 Jeroen Hofstee wrote:
> I tried to find a program which could scan the local filesystem and
> extract a lists of well known
> web projects (yoomla, wordpress etc), extract the installed version
> number and match it against
> a database of known vulnerabilities. Similiar to portaudit, but then for
> the standard scripts users
> install themselves. I was unable to find such a program in the ports.
>
> Does such an utilities exists for FreeBSD ?
Not that I'm aware of and it's hell to write and keep current.
There's 2 good policies for this kind of thing:
- Don't allow any plugins of any kind to be installed via CMS/Gallery software
etc. and deal with the complaints
- Put them in a seperate jail and make sure client understands he's
responsible for getting hacked and loosing hours of work by installing unsafe
plugins.
--
Mel
More information about the freebsd-questions
mailing list