On Wed, Aug 6, 2008 at 3:06 PM, Bent Terp <bent@xxxxxxx> wrote:
On Wed, Aug 6, 2008 at 8:29 AM, Noob Centos Admin
<centos.admin@xxxxxxxxx> wrote:
> Since I followed some of the rules about SSH and used a non-standard port
> for SSH and disable SSHD listening on the default port 22, I've no way back

IMNSHO that's not particularly effective - much better to set up SSH
keys and either set
'PermitRootLogin without-password' in /etc/ssh/sshd_config; or
set 'PermitRootLogin no', and then su or sudo from your regular user -
I know the latter IS more secure, but it's also more annoying to work
with....
I did that too, no root login and every time I have to su from normal user. It is a pain to work with especially with having to use full pathnames for commands instead of say just doing a "service httpd restart". But I figured it was better safe than sorry and as well as I can do since I could not figure out how to properly create a self-signed SSL cert.
Remember to reinstall from scratch if your server has been compromised
- there are thousands of dark dusty corners for the bugs to hide, once
they're inside, so don't expect to be able to flush them out.
Well, the thing is I'm not sure if it's compromised since now it became obvious that the iptables is just being reset by the apf settings, which is at the moment a good thing since on reboot, apf re-added the lines to disable the firewall every 5 minutes so I'm able to get back into the server.
Now I just have to figure out where exactly can I add the block for the offending VNSL IP address and have it work without choking up. However, I decided to try whatever it is on Saturday so clients won't be hopping mad why everything's dead.
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
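
An added example, not part of the original thread: a shell check that reports which of the two PermitRootLogin choices discussed above an sshd_config actually selects. The function names and the sample config are constructed for illustration; the check relies on sshd using the first value it reads for a keyword, and it reads only the global section (it stops at the first Match block).

```shell
#!/bin/sh
# Print the first global value of a keyword in an sshd_config file.
# $1 = config file, $2 = keyword (keywords are case-insensitive).
sshd_global_value() {
    awk -v want="$2" -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }                  # drop leading indentation
        /^#/ || NF == 0 { next }                # skip comments and blank lines
        tolower($1) == "match" { exit }         # conditional blocks are not global
        tolower($1) == tolower(want) { print $2; exit }   # first value wins
    ' "$1"
}

# Classify the root login setting into the cases the thread talks about.
root_login_policy() {
    value=$(sshd_global_value "$1" PermitRootLogin)
    case "$value" in
        no)                                  echo "disabled" ;;
        without-password|prohibit-password)  echo "keys-only" ;;
        forced-commands-only)                echo "forced-commands-only" ;;
        yes)                                 echo "password-allowed" ;;
        "")                                  echo "unset" ;;
        *)                                   echo "unrecognised" ;;
    esac
}

# Constructed sample config: a commented-out line, a lowercase keyword,
# a later duplicate that sshd would ignore, and a Match block.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not from a real host
Port 2222
#PermitRootLogin yes
permitrootlogin without-password
PermitRootLogin yes
Match User backup
    PermitRootLogin no
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "Port:       $(sshd_global_value "$sample" Port)"
echo "Root login: $(root_login_policy "$sample")"
rm -f "$sample"
```

On a live host, `sshd -T` prints the configuration the daemon would actually use, including compiled-in defaults that a file scan reports here as "unset".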