Unix domain socket firewall
Posted by lagab on Server Fault
Published on 2011-03-14T07:23:23Z
Indexed on 2011/03/14 8:12 UTC
Hello, everyone.
I've got a problem with my Debian server. Probably there is some vulnerable script on my web server, which is running as the www-data user. I also have Samba with winbind installed, and Samba is joined to a Windows domain.
So, probably this vulnerable script allows a hacker to brute-force our domain controller through the winbind Unix domain socket.
Actually, I have lots of lines like this in the netstat -a output:
unix 3 [ ] STREAM CONNECTED 509027 /var/run/samba/winbindd_privileged/pipe
And our DC logs contain lots of recorded authentication attempts from root or guest accounts.
How can I restrict my Apache's access to winbind? I had an idea to use some kind of firewall for IPC sockets. Is it possible?
© Server Fault or respective owner