
Re: chkrootkit has me worried!



Alvin Oga wrote:

> 	- fresh installs means you have to configure everything
> 	again from nothing .. maybe 1hr ..maybe 1 day .. maybe 1 week

No, you don't; you can just review the configuration file(s) manually
or check them against a known good backup.

> always push backups, since remote machines should NEVER have access to
> root-read-only files

That is not a good idea in a typical hosting environment; if you push
your backup and the machine to be backed up is compromised, the
attacker has access to your backups too because the automatic backup
process has to have the necessary credentials (unless you want to type
in the credentials every hour/day/week by hand, which is not very
feasible). Your backup host can and should be quite locked down so it
should be much harder to attack - I would prefer to allow remote
access to root-read-only files from a backup machine that is
presumably safe to giving an attacker from the "front-end" machine
access to the backups.

If you've got enough spare space on the server to be backed up, you
could back up everything to the local hard disk first and then pull it
from there - so you don't have the credentials for the backup space on
the compromised machine, but also don't need to allow a root login
from outside.

Or you can push the backup out and then secure it on the backup
server, i.e. write protect it or copy it to another location where the
"front-end" host to be backed up has no access.

-thh
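
The last option in the message above (push the backup out, then secure it on the backup server) can be sketched as follows. This is an added example, not part of the original post; the function name `seal_incoming`, the incoming/vault directory layout and the `.part` suffix for unfinished uploads are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Runs on the backup server
# (for instance from cron) as an account the front-end host cannot use.
# Assumptions: INCOMING is the only directory the push account can write to,
# VAULT is not reachable by the push account, and uploads still in progress
# carry a ".part" suffix.
# Usage: seal_incoming /srv/backup/incoming /srv/backup/vault

seal_incoming() {
    incoming=$1
    vault=$2
    sealed=0
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    umask 077
    mkdir -p "$vault" || return 1
    chmod 0700 "$vault"
    for f in "$incoming"/*; do
        # Cheap filter: only plain files, never symlinks or unfinished uploads.
        if [ -L "$f" ] || [ ! -f "$f" ]; then continue; fi
        case $f in *.part) continue ;; esac
        dest="$vault/$stamp-$(basename "$f")"
        # Never overwrite: a backup that is already sealed stays as it is.
        if [ -e "$dest" ] || [ -L "$dest" ]; then continue; fi
        # Copy instead of rename, so the sealed file is a new inode owned by
        # this account; -P keeps a symlink a symlink instead of following it.
        cp -P -- "$f" "$dest" || continue
        # Authoritative check inside the vault, where the push account
        # can no longer swap the file for something else.
        if [ -L "$dest" ] || [ ! -f "$dest" ]; then
            rm -f -- "$dest"
            continue
        fi
        chmod 0400 "$dest"
        rm -f -- "$f"
        sealed=$((sealed + 1))
    done
    # Print the number of files sealed in this run.
    echo "$sealed"
}
```
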


