On Thu, 2005-03-03 at 08:18 +0000, Paul Howarth wrote:
You don't say which distribution this web server was running, but I suspect that if your Apache had been running under SELinux then the attacker would not have been able to run any scripts from /tmp or /var/tmp. So, when you rebuild the server, it would be well worth considering using SELinux.
You don't need SELinux for this, you could always mount /tmp with noexec flag.
And /var too, provided they're separate partitions. Another good reason not to install into just one big / partition.
Paul.
