Forum OpenACS Q&A: Re: server security...

5: Re: server security... (response to 1)
Posted by russ m on
General hints: perform as minimal an install of your OS of choice as can possibly get the job done - the more services running on the box the more potential points of attack. Keep up to date with vendor-supplied patches (i.e. subscribe to the RedHat update service). I assume (or is that "hope") that RedHat provide some kind of "securing your server" documentation - find it, read it, follow it.

A box is never "secure", it is just "up to date and secure enough". New vulnerabilities are continually discovered, and new exploits released. Keeping your system patched is essential, is (depending on your OS) usually pretty easy to do, and doing it would protect you from 7 of the 10 most exploited unix vulnerabilities of the last year (according to SANS).

If you haven't been running something like AIDE or Tripwire, it's very difficult to know if your box has been compromised. "Once root, always root". There are rootkits available that load themselves into the kernel and make invisible their files, network activity and processes. The only way to be sure is to boot the server from a known-good system (like a bootable CD) and compare what's on disk to a known-good snapshot of your installed system. The safest approach is to nuke and reinstall the server in question.