Unix domain socket firewall

Posted by lagab on Server Fault
Published on 2011-03-14T07:23:23Z Indexed on 2011/03/14 8:12 UTC

Hello, everyone.

I've got a problem with my Debian server. There is probably some vulnerable script on my web server, which is running as the www-data user. I also have Samba with winbind installed, and Samba is joined to a Windows domain.

So, probably this vulnerable script allows a hacker to brute-force our domain controller through the winbind Unix domain socket.

Actually, I have lots of lines like this in the netstat -a output:

unix 3 [ ] STREAM CONNECTED 509027 /var/run/samba/winbindd_privileged/pipe

And our DC logs contain lots of recorded authentication attempts from root or guest accounts.

How can I restrict my Apache's access to winbind? I had an idea to use some kind of firewall for IPC sockets. Is it possible?

© Server Fault or respective owner
