[Tfug] RH Linux virus software

Zack Williams zdwzdw at gmail.com
Thu Jul 30 13:00:08 MST 2009


>> BTW, to go along with anecdotal evidence, I have had a linux server
>> rooted by a worm before that got in through wuftpd.  Oh wuftpd.. how I
>> hate you.  Does redhat STILL use it by default, or have they finally got
>> their heads out of their... posteriors?
>
> Was the box you're referring to out of date or was it a fully patched
> box that had gotten hit by a 0-day exploit?

As an aside, there are proactive security steps people take to avoid
0-day problems, running daemons chrooted or jailed, or under
role-specific accounts.

It's also a good idea to select software based on its security
history if that is of paramount concern - for example, OpenBSD and
Qmail might be a better choice than Linux and Sendmail in a security
conscious environment.

> If the box was not patched, that's not wuftpd's fault, that's your
> fault... that's like saying "Apache sucks" because your box got rooted
> because you hadn't applied patches....

Keeping up to date is important, but if software has a history of
security issues, you may want to be very careful in how you choose to
deploy and maintain it.  Often this means making configuration
decisions different from those of the standard distribution, and being
more conscious of the security/maintenance trade-offs you're making.

- Zack
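
An added example, not part of the original message: a Python audit of the two measures mentioned above (role-specific accounts and chroot) as they appear in Linux /proc/<pid>/status and /proc/<pid>/root. The daemon names, IDs and the /srv/ftp path are constructed sample data.

```python
import os

def parse_status(text):
    """Turn the text of /proc/<pid>/status into a {field: value} dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit(status_text, root_path):
    """Return findings for one daemon; an empty list means it looks confined.

    root_path is the target of /proc/<pid>/root ("/" means no chroot).
    """
    fields = parse_status(status_text)
    findings = []
    for label in ("Uid", "Gid"):
        # Kernel output order: real, effective, saved, filesystem.
        ids = [int(x) for x in fields[label].split()]
        if ids[1] == 0:
            findings.append(f"effective {label.lower()} is 0")
        elif 0 in ids:
            # An incomplete drop: the process can switch back to ID 0.
            findings.append(f"{label.lower()} 0 still held (real/saved/fs)")
    if 0 in [int(g) for g in fields.get("Groups", "").split()]:
        findings.append("supplementary group 0 kept")
    if os.path.normpath(root_path) == "/":
        findings.append("not chrooted")
    return findings

def audit_pid(pid):
    """Audit a live process (reading /proc/<pid>/root needs privilege)."""
    with open(f"/proc/{pid}/status") as fh:
        return audit(fh.read(), os.readlink(f"/proc/{pid}/root"))

# Constructed samples: (status text, root link target) for three daemons.
SAMPLES = {
    "ftpd-default": ("Name:\tftpd\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nGroups:\t0\n", "/"),
    "ftpd-halfdrop": ("Name:\tftpd\nUid:\t1001\t1001\t0\t1001\n"
                      "Gid:\t1001\t1001\t1001\t1001\nGroups:\t0 1001\n", "/srv/ftp"),
    "ftpd-confined": ("Name:\tftpd\nUid:\t1001\t1001\t1001\t1001\n"
                      "Gid:\t1001\t1001\t1001\t1001\nGroups:\t1001\n", "/srv/ftp"),
}

if __name__ == "__main__":
    for name, (status, root) in SAMPLES.items():
        print(name, audit(status, root) or "ok")
```

The half-dropped sample is the case to watch for: a chroot does not contain a process that can still return to uid 0.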
