[oclug] a rooted system
Dan York
dyork at e-smith.com
Tue Apr 24 08:27:19 EDT 2001
Billy,
I'll go along with Bill Strosberg:
> Please take the advice of the OCLUG members, and completely re-install the
> machine.
Personally, if I were in your situation and had to minimize the downtime
of the main system, I would build a second system (assuming equivalent
hardware is available) with a complete reinstall and make sure that this
new system is as secure as possible... and then simply copy the user data
over from the first system. The CVS repository and the MySQL database
should go fine, as well as all the apache data. That way the system only
has to be offline for the time that it takes you to copy over the files,
check the configurations and test the system.
Then I would make sure to nuke the first system and do a complete
reinstall to ensure that no one accidentally starts using it as another
Linux server.
I would also suggest changing the network configuration to have some
kind of "expendable" firewall box between your server and the Internet.
Some Linux box that does port-forwarding/proxying to relay requests to
the servers on the inside. Something that if it gets compromised you
can just nuke and reinstall in a matter of minutes.
Finally, I would STRONGLY recommend you figure out a way to educate
your users to move way the hell away from ftp. It is just ***BAD***
when it comes to security... I mean... *plaintext* passwords just have
no role in today's network, IMHO. I would show them how to use 'scp'
instead and they can them upload/download files via scp/ssh and
eventually you can get rid of that nasty ftp server.
Best wishes with it all!
My 2 cents,
Dan
More information about the OCLUG
mailing list