LinuxSecurity.com: Linux Security Week, July 3rd 2000Jul 03, 2000, 11:15 (0 Talkback[s])
(Other stories by Benjamin D. Thomas)
"This week, several other vendors released patches for the wu-ftp vulnerability. If you're not already familiar with this problem, it exists in wu-ftpd's handling of the SITE EXEC command. The default configuration of wu-ftpd is vulnerable to remote users gaining root access. Also, SuSE released a kernel update to fix the capabilities problem in 2.2.x < 2.2.16."
"In the news, the article "Securing Your Web Pages with Apache," provides helpful information for users who wish to implement Apache's access control methods. It covers authentication, authorisation, IP restriction, labeling, inheritance, and other methods. If you have any outstanding questions regarding Apache's security model, this may be just the article for you."
"Our feature this week, "Simple Commands for Intrusion Detection," by Benjamin Thomas, explains how the use the Linux commands: w, who finger, last, ps, and ifconfig as a first step toward intrusion detection. Although this feature is targeted toward security newbies, seasoned security gurus may find it helpful."