-3

Paths like /proc/self/environ, /etc/passwd and /var/log/auth.log are targeted by attackers.
How can I hide those files (passwd, environ, auth.log) so that they are not included in an LFI attack?

  • 2
    Can you clarify what you are asking here? Do you mean how do I restrict access to particular directory locations? That's more likely to be a Stack Overflow question. We do have posts on Hardening Linux in general, which may help, but your question is unclear. Please edit it to make it clear. – Rory Alsop Nov 06 '15 at 14:37
  • The account the web server is running as should not have permissions to read those locations. That's the standard way to do what you *appear* to be asking. – schroeder Nov 06 '15 at 18:39

1 Answer

1

This seems like an illogical question with a wrong mindset. (No offence!)

I suggest preventing LFI attacks at all times. Hiding files is security by obscurity and this should be prevented at all times.

Proper permissions should be set on the mentioned folders so the user www-data or apache can't access them (with newer operating systems this should be the case).

This can't be done for the /etc/passwd file, as this file should be readable by all users.

Jeroen
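As an added example (not part of the original answer), here is one way to prevent the inclusion itself rather than hide the files: resolve the requested name and refuse anything that lands outside a single base directory. The function name `resolve_include`, the `pages` directory and the sample requests are constructed for illustration, and a POSIX system is assumed.

```python
import os
import tempfile


def resolve_include(base_dir, requested):
    """Return the real path of `requested` inside base_dir, or None if it escapes."""
    if "\x00" in requested:
        return None  # embedded NUL: never a legitimate file name
    base = os.path.realpath(base_dir)
    # Join, then resolve: realpath collapses ".." and follows symlinks, so the
    # containment check is made on the file that would actually be opened.
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        return None  # absolute path, traversal, or symlink pointing outside
    if not os.path.isfile(candidate):
        return None
    return candidate


def demo():
    """Run the check over constructed requests, including the paths from the question."""
    with tempfile.TemporaryDirectory() as root:
        pages = os.path.join(root, "pages")
        os.mkdir(pages)
        with open(os.path.join(pages, "about.html"), "w") as fh:
            fh.write("<p>about</p>")
        # A symlink that sits inside the base directory but points outside it.
        os.symlink("/etc/passwd", os.path.join(pages, "link.html"))
        requests = [
            "about.html",                     # legitimate page
            "/etc/passwd",                    # absolute path
            "../../../../etc/passwd",         # traversal
            "../../../../proc/self/environ",  # traversal
            "/var/log/auth.log",              # absolute path
            "link.html",                      # symlink escape
            "about.html\x00.png",             # embedded NUL
        ]
        return {r: resolve_include(pages, r) is not None for r in requests}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name!r:40} {'allowed' if allowed else 'rejected'}")
```

File permissions remain a second layer: /proc/self/environ belongs to the web server process itself and /etc/passwd is world-readable, so only the include-path check keeps those two out of reach.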