Re: chkrootkit infected ports 2881 - conundrum
2008/8/27 Eduardo M KALINOWSKI <firstname.lastname@example.org>:
> What I could recommend is to run only the necessary services, and if
> possible restrict the IPs allowed to connect to them, keep the system
> updated with security fixes, make frequent backups, and other obvious
> things that we all already know of. :-)
This, essentially, is what I am aiming to do. Without physical access
to my server, it really does seem to be the best possible approach. At
the moment, I'm working on a script to automate the initial deployment
of the various security/hardening packages, on the basis that the
faster those are installed and set up once the server is live, the
greater the chance of security.
It's no small task to write that script though, that's for sure. Each
package has its own quirks that have to be accounted for one way or
another. I can't quite believe how much time it's taking me to finish!