[CentOS] Help: Server security compromised?

Wed Aug 6 07:14:38 UTC 2008
Noob Centos Admin <centos.admin at gmail.com>

On Wed, Aug 6, 2008 at 3:06 PM, Bent Terp <bent at terp.se> wrote:

> On Wed, Aug 6, 2008 at 8:29 AM, Noob Centos Admin
> <centos.admin at gmail.com> wrote:
> > Since I followed some of the rules about SSH and used a non-standard port
> > for SSH and disabled SSHD listening on the default port 22, I've no way back
>
> IMNSHO that's not particularly effective - much better to set up SSH
> keys and either set
> 'PermitRootLogin without-password' in /etc/ssh/sshd_config; or
> set 'PermitRootLogin no', and then su or sudo from your regular user -
> I know the latter IS more secure, but it's also more annoying to work
> with....


I did that too, no root login, and every time I have to su from a normal user.
It is a pain to work with, especially with having to use full pathnames for
commands instead of, say, just doing a "service httpd restart". But I figured
it was better safe than sorry and as well as I can do since I could not
figure out how to properly create a self-signed SSL cert.


> Remember to reinstall from scratch if your server has been compromised
> - there are thousands of dark dusty corners for the bugs to hide, once
> they're inside, so don't expect to be able to flush them out.
>

Well, the thing is I'm not sure if it's compromised, since it has now become
obvious that iptables is just being reset by the apf settings, which is
at the moment a good thing since on reboot, apf re-added the lines to
disable the firewall every 5 minutes so I'm able to get back into the
server.

Now I just have to figure out where exactly can I add the block for the
offending VNSL IP address and have it work without choking up. However, I
decided to try whatever it is on Saturday so clients won't be hopping mad
why everything's dead.