Code: p623 Severity: Warning
Description: This event is generated when an attempt is made to access the ps command via the web Impact: Attempt to gain information on system processes on webserver Corrective: Webservers should not be allowed to view or execute files and binaries outside of it's designated web root or cgi-bin. This command may also be requested on a command line should the attacker gain access to the machine. On BSD derived systems, setting the parameter "kern.ps_showallprocs" to zero will show only the processes being run by that user except for root who will still see all processes.
|
