{"id":154,"date":"2013-07-20T00:36:49","date_gmt":"2014-07-19T21:36:49","guid":{"rendered":"https:\/\/furkansandal.com\/?p=154"},"modified":"2014-07-20T00:46:38","modified_gmt":"2014-07-19T21:46:38","slug":"tmp-klasorunde-cgi-ve-perl-guvenligi","status":"publish","type":"post","link":"https:\/\/furkansandal.com\/tmp-klasorunde-cgi-ve-perl-guvenligi\/","title":{"rendered":"CGI and Perl Security in the Tmp Folder"},"content":{"rendered":"

<h1>How Is CGI and Perl Security Ensured in the Tmp Folder?<\/h1>\n
\n

<p>Hackers who break into your system first run cd \/tmp in order to reach the sites on your server. Why? Because of the chmod permissions on the tmp folder, they can get into the system easily. In this post I will show you an effective way to prevent this, that is, to prevent CGI and Perl from being injected into the tmp folder.<\/p>\n

<p>First, let's become root on our server over SSH:<\/p>\n

<pre>nano \/etc\/fstab<\/pre>\n

<p>This command opens the fstab file in the etc folder. Then:<\/p>\n

<pre>mount \/dev\/loop0 -o noexec,nosuid,rw \/dev\/tmpFS \/tmp\r\nmount \/dev\/loop0 \/dev\/tmpFS -o noexec,nosuid,rw<\/pre>\n

<p>Save this command in the opened file. Finally:<\/p>\n

<pre>mount -o bind,nosuid,noexec,nodev,rw \/usr\/tmp \/tmp<\/pre>\n

<p>We run this command and log out of SSH, and the tmp folder becomes more secure than before. This way, even if a backconnect is established on the server, the tmp folder cannot be accessed. In this way we have secured our server, at least to some extent \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"

<p>How Is CGI and Perl Security Ensured in the Tmp Folder? Hackers who break into your system first run cd \/tmp in order to reach the sites on your server….<\/p>\n","protected":false},"author":1,"featured_media":162,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","footnotes":""},"categories":[6,9,10,7,4],"tags":[],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2014\/07\/linuxx.jpg?fit=1920%2C1165&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6BM7I-2u","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/154"}],"collection":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/comments?post=154"}],"version-history":[{"count":0,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/154\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media\/162"}],"wp:attachment":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media?parent=154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/categories?post=154"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/tags?post=154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}