RE: Help needed - server hacked twice in three days (and I don't think I'm a newbie)
Use md5 passwords and require longer passwd next time !?!
First of all, there are "lots" of tweaks to secure Debian in
http://www.debian.org/doc/manuals/securing-debian-howto/
I haven't read all of this thread here, but if it's only a LAMP system, I
would clone it building a new machine secure from the start (using the above
reference), copying and verifying piece by piece all config elements, and
finally copy the web data and migrate from the original to the clone.
Once hacked, it is too hard to say if the machine is surely secured to keep
it in production IMHO.
++
-----Original Message-----
From: Paolo Pedaletti [mailto:paolo.pedaletti@unimib.it]
Sent: Friday, 22 July 2005 11:32
To: debian-security@lists.debian.org
Subject: Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)
ciao Thomas Sjögren,
> . Better passwords
like using libpam-cracklib and dcredit,ucredit,lcredit,ocredit options
and...
- send syslog (better syslog-ng) entries to a log-server
- chroot LAMP
- run nessus against the server
- run snort on server
- ... (what else?)
If he had enough time, he could put your LAMP-server beyond a transparent
forwarding-server and log everything.
HTH
--
/* Paolo Pedaletti,
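
The credit options named in the reply above, as an added example that is not part of the original thread: a Python model of the pam_cracklib length rule as documented in pam_cracklib(8), showing that positive credits lower the effective minimum length while negative values demand a minimum count per character class. `Policy`, `check` and the sample passwords are constructed for illustration; the module's dictionary and similarity checks are not modelled.

```python
import string
from dataclasses import dataclass

@dataclass
class Policy:
    """Constructed stand-in for the pam_cracklib options of the same names."""
    minlen: int
    dcredit: int
    ucredit: int
    lcredit: int
    ocredit: int

def count_classes(password):
    """Count digits, uppercase, lowercase and other characters."""
    d = sum(c in string.digits for c in password)
    u = sum(c in string.ascii_uppercase for c in password)
    l = sum(c in string.ascii_lowercase for c in password)
    return {"digit": d, "upper": u, "lower": l, "other": len(password) - d - u - l}

def check(password, policy):
    """Return (accepted, reason) under the length/credit rule only."""
    counts = count_classes(password)
    credits = {"digit": policy.dcredit, "upper": policy.ucredit,
               "lower": policy.lcredit, "other": policy.ocredit}
    required = policy.minlen
    for name, credit in credits.items():
        if credit >= 0:
            # N >= 0: up to N characters of this class each count +1 toward minlen
            required -= min(counts[name], credit)
        elif counts[name] < -credit:
            # N < 0: at least |N| characters of this class are mandatory
            return False, f"needs at least {-credit} {name} character(s)"
    if len(password) < required:
        return False, f"too short: length {len(password)}, needs {required}"
    return True, "ok"

# Two constructed policies with the same minlen but opposite credit signs.
CREDITS = Policy(minlen=12, dcredit=1, ucredit=1, lcredit=1, ocredit=1)
STRICT = Policy(minlen=12, dcredit=-1, ucredit=-1, lcredit=-1, ocredit=-1)

if __name__ == "__main__":
    for pw in ("Ab1!efgh", "abcdefgh", "password1234", "Tr0ub4dor&3x"):
        print(pw, "credits:", check(pw, CREDITS), "strict:", check(pw, STRICT))
```

With all four credits set to 1, an 8-character password that mixes classes satisfies minlen=12; with all four set to -1, the same password is rejected as too short.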