is there a free security audit tool for LAMP server - a tool

Einfach Dinge, die nichts mit XAMPP, Apache Friends, Apache, MySQL, PHP und alle dem zu tun haben. Allerlei halt. ;)

is there a free security audit tool for LAMP server - a tool

Postby unleash_it » 19. January 2020 22:19

hello dear Community, good day dear experts,.


the topic to day: Free security audit tool for LAMP server?


I've you are running websites on a dedicated LAMP server (eg. Ubuntu or some other systems) with several Drupal and Wordpress and
probably Joomla-installations on it you probably thought of a security audit tool for this LAMP server?

question; Is there a free tool, which could scan my server with all websites and generate automatic reports about discovered security vulnerabilities?

thesis: Prevention is much much better than cure. therefore we need to start with the prevention-steps first.

first: malicious hackers typically try to find vulnerabilities and security weaknesses on our WordPress websites.

They use automated software and scripts to do these kind of jobs. We have the options to prevent them doing so. We can do steps to avoit the intrusion.

step one: scan the website and detect possible old and vulnerable plugins, themes or WordPress core, or terrible brute force attack on the servers and additionally on the WordPress website

The hacker try to find out weak and broken credentials (and yes: this is pretty important - we need to enforce strong password policies),

step two: try to detect automated WordPress Security Scans: find out what goes on on the webserver.
shed a light on the processes. example: an automated scanner can send thousands and thousands of HTTP requests.
All of these mentioned requests are aimed only by one goal. They try to exploit known vulnerabilities in WordPress.

- in a theme
- in a plugin or somewehere elese
- or hence due to bad bad passwords do other harm to the server or the sites.

the above mentioned script can help here: we can use / or create a script that runs periodically - eg. daily weekly or so.. .we have to find out the best intervals or periods (well the good thing s that we can make use of some so called cron or some other mechanism), that would checksum all files, and compare the checksums with a previously stored record, then notify you if there are differences.

With such security-steps we can try to protect the wordpress-sites and try to identify insecure WordPress defaults
that could give them some leverage against the server or the website.

conclusio: We need to find security weaknesses that could give the attackers some ideas and futher information to help them launch more sophisticated attack,

among them are:

- store malicious files on your system,
- leftover files,
- database exports - in other words - stolen data from the db and subsequently
- disclosure of important and probably also sensitive information.


so the question is: is there a free security audit tool for LAMP server - a tool that supports the detecting & getting notified of WordPress hack attempts


look forward to a fruitful discussion

regards
for Wordpress-development :: super toolkits a. http://wpgear.org/ :: and b. github.com/miziomon/awesome-wordpress
:: Awesome WordPress: A curated list of amazingly awesome WordPress resources, themes, plugins and shiny things.
User avatar
unleash_it
 
Posts: 171
Joined: 10. December 2011 18:32
Operating System: linux opensuse 12.1

Re: is there a free security audit tool for LAMP server - a

Postby nemesis » 20. January 2020 13:02

Ubuntu 18.04 | SMP P3 1.4 GHz | 6 GByte RegECC | 74 GByte Seagate 15k5 system | 3Ware 9550SXU-4LP with 4x 500 GByte Seagate ES2 Raid 10 data | StoreCase DE400 | PX-230A | Intel Pro/1000MT Dual PCI-X
User avatar
nemesis
AF Moderator
 
Posts: 1044
Joined: 29. December 2002 13:14
Location: Ingolstadt
XAMPP version: depends
Operating System: Linux, BSD, Win, iOS, Android

Re: is there a free security audit tool for LAMP server - a

Postby unleash_it » 20. January 2020 16:15

good day dear Nemesis,

many thanks for the quick answer with the links - thanks for sharing them.


I wlll have a closer look at all those.
for Wordpress-development :: super toolkits a. http://wpgear.org/ :: and b. github.com/miziomon/awesome-wordpress
:: Awesome WordPress: A curated list of amazingly awesome WordPress resources, themes, plugins and shiny things.
User avatar
unleash_it
 
Posts: 171
Joined: 10. December 2011 18:32
Operating System: linux opensuse 12.1


Return to Allerlei

Who is online

Users browsing this forum: No registered users and 2 guests