So what are your daily rituals?
BTW, Running RedHat on a WHM Cpanel system.
In part, I suggest considering using something like tripwire. Basically, you want to know if your server has been compromised or not -- and if so, what the damage/changes are -- thus what you need to do to return the box to how it was/should be. Using a monitoring system based on tripwire would provide that capability.
Again, get the above book, read up on tripwire (covered well in the book, BTW) and set up a proactive monitoring system where the state of your server's security is a known fact, not a guessing game or something relying on stuff you don't understand. There are many other things to do as well, of course. The above book touches on them.
I'm sure you'll want to try all this stuff out on a test box, not your production server as you learn this stuff. I would load the test/learning server with the same software that's on the production machine, put it on your LAN and connect and administer it over SSH just like you do your production server that's (hopefully) in a data center.
As a programmer/analyst for almost 14 years now, I like to say "there is no magic in the box"...it's just a matter of knowing what the relevant facts are. For a server, knowing that your important files -- such as binaries, configuration files and other such crucial files -- have not been modified seems like part of the solution to me.
You'll learn a lot about how to harden your server by reading the above book -- and what's needed to *keep* it hardened -- such as the need to monitor what patches are available that you need to apply as security vulnerabilities come to light.
After you feel you've hardened the server and have a good system in place to keep it secure, you might want to hire someone (like the book's author) to check out your server to see how secure it appears to them. I have no connection to the author -- just noting he has a company that does stuff like that, as do many others.
Some folks also like the book "Hacking Linux Exposed -2nd Ed." better than the above one. Heck, I own both and like both. Hope the above helps.
Best wishes, Louis
WHM does sell a package that offers additional security. It apparently does nightly checks of all kinds of things. I have no idea how good that security is... Anyone have experience with it? Is it good enough for reasonable security?
I know there are so many hacking tools out there. I heard that there's one hacking tool that is so brilliant it will actually replace your executables and even your "ls" executable so if you do an "ls" on the corrupt executable it will tell you that it is the correct filesize so that you will think you are ok.
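An added example (not from this thread, and not tripwire's own code or format) of the file-integrity idea behind the tripwire suggestion above and the trojaned "ls" story: a stored baseline of SHA-256 hashes flags a replaced binary even when its size is unchanged, which is exactly what a size-only check misses. The function names, the fake "bin" directory and its files are constructed for the demo.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Hypothetical helper names; this is a minimal tripwire-style checker, not tripwire itself.
def file_digest(path: Path) -> dict:
    """Record size, permission bits and a SHA-256 content hash for one file."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    st = path.stat()
    return {"size": st.st_size, "mode": st.st_mode & 0o7777, "sha256": h.hexdigest()}

def build_baseline(root: Path) -> dict:
    """Walk root and digest every regular file: the 'known good' state of the tree."""
    return {str(p.relative_to(root)): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def save_baseline(baseline: dict, path: Path) -> None:
    """Persist the baseline; in practice keep this copy off the box or on read-only media."""
    path.write_text(json.dumps(baseline, indent=1))

def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())

def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between the stored baseline and a fresh scan of the tree."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "removed": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }

def demo() -> dict:
    """Constructed scenario: baseline a fake bin/, then swap 'ls' for a same-size trojan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "bin"
        root.mkdir()
        (root / "ls").write_bytes(b"#!/bin/sh\necho real ls\n")  # same length as the trojan below
        (root / "sshd_config").write_text("PermitRootLogin no\n")
        store = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(root), store)
        # Same byte count, different content: 'ls -l' shows the old size, the hash does not lie.
        (root / "ls").write_bytes(b"#!/bin/sh\necho fake ls\n")
        (root / "sshd_config").unlink()
        (root / ".hidden").write_text("x")
        return compare(load_baseline(store), build_baseline(root))
```

Run the scan from a cron job with the baseline on a separate, write-protected medium, since a checker whose baseline lives on the compromised box can be edited along with the binaries.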
Don't forget about general maintenance issues besides security.
Make sure all processes run as they should.
You wouldn't believe how many calls I got from my customers about their boxes being hacked/cracked/burned... when all I saw was a full /var partition :)