Date: Tue, 5 May 2009 20:10:26 +0200
From: Mel Flynn <mel.flynn+fbsd.questions@mailing.thruhere.net>
To: freebsd-questions@freebsd.org
Cc: Jeroen Hofstee <freebsd.questions@virtualhost.nl>
Subject: Re: local security scanner for vulnerable common opensource www projects
Message-ID: <200905052010.26393.mel.flynn%2Bfbsd.questions@mailing.thruhere.net>
In-Reply-To: <49FC4186.80608@virtualhost.nl>
References: <49FC4186.80608@virtualhost.nl>

On Saturday 02 May 2009 14:50:14 Jeroen Hofstee wrote:
> I tried to find a program which could scan the local filesystem and
> extract a list of well known
> web projects (Joomla, WordPress etc), extract the installed version
> number and match it against
> a database of known vulnerabilities. Similar to portaudit, but then for
> the standard scripts users
> install themselves. I was unable to find such a program in the ports.
>
> Does such a utility exist for FreeBSD?

Not that I'm aware of and it's hell to write and keep current.
There are 2 good policies for this kind of thing:
- Don't allow any plugins of any kind to be installed via CMS/Gallery software
  etc. and deal with the complaints
- Put them in a separate jail and make sure client understands he's responsible
  for getting hacked and losing hours of work by installing unsafe plugins.
-- 
Mel
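
Added example, not part of the original message or of any FreeBSD port: the detection half of the kind of scanner asked about above, narrowed to WordPress, which records its release as `$wp_version` in `wp-includes/version.php`. The advisory table is constructed sample data with placeholder IDs; the "first fixed release" comparison model is an assumption, and pre-release suffixes such as `-beta1` are ignored when comparing.

```python
import os
import re
import sys

# WordPress stores its release in wp-includes/version.php as: $wp_version = '2.7.1';
WP_VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")
# Constructed sample data, not real advisories: (first fixed release, placeholder id).
SAMPLE_ADVISORIES = {"wordpress": [("2.8.0", "EXAMPLE-0001"), ("2.6.5", "EXAMPLE-0002")]}

def parse_version(text):
    """Turn '2.7.1' or '2.8-beta1' into a comparable tuple; trailing zeros dropped."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while parts and parts[-1] == 0:
        parts.pop()  # so that '2.8' and '2.8.0' compare equal
    return tuple(parts)

def find_wordpress(root):
    """Yield (install_dir, version or None) for each WordPress tree under root."""
    for dirpath, _dirnames, filenames in os.walk(root):  # does not follow symlinks
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in filenames:
            try:
                with open(os.path.join(dirpath, "version.php"), errors="replace") as fh:
                    m = WP_VERSION_RE.search(fh.read(65536))
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            yield os.path.dirname(dirpath), m.group(1) if m else None

def audit(root, advisories=SAMPLE_ADVISORIES):
    """Return [(install_dir, version, [advisory ids])] for installs needing attention."""
    findings = []
    for install, version in find_wordpress(root):
        if version is None:
            hits = ["UNPARSEABLE"]  # install found, version unreadable: report it
        else:
            hits = [aid for fixed, aid in advisories["wordpress"]
                    if parse_version(version) < parse_version(fixed)]
        if hits:
            findings.append((install, version, hits))
    return findings

if __name__ == "__main__":
    for install, version, hits in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{install}: wordpress {version}: {', '.join(hits)}")
```

An install whose `version.php` cannot be parsed is reported rather than silently skipped, since a modified or stripped version file is itself worth a look.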