Quote:
|
Originally Posted by audio
It just seems like there has to be more sophisticated ways to detect something like that on the host level. Such as the Kernel realizing and logging commands that the user www is trying to carry out.
|
Ah, maybe you need to take a close look at MAC.
In the case of apache, you could also consider running it inside a FreeBSD jail. At least in this case you can keep a "cold spare" backup of the jail on standby and learn enough from an exploit to lock it down and then fire it up again. Additionally, even if apache within a jail is compromised, it'll be a lot more difficult to cause problems on the host system.