[CentOS] Help: Server security compromised?

Wed Aug 6 07:14:38 UTC 2008
Noob Centos Admin <centos.admin at gmail.com>

On Wed, Aug 6, 2008 at 3:06 PM, Bent Terp <bent at terp.se> wrote:

> On Wed, Aug 6, 2008 at 8:29 AM, Noob Centos Admin
> <centos.admin at gmail.com> wrote:
> > Since I followed some of the rules about SSH and used a non-standard port
> > for SSH and disabled SSHD listening on the default port 22, I've no way
> > back
>
> IMNSHO that's not particularly effective - much better to set up SSH
> keys and either set
> 'PermitRootLogin without-password' in /etc/ssh/sshd_config; or
> set 'PermitRootLogin no', and then su or sudo from your regular user -
> I know the latter IS more secure, but it's also more annoying to work
> with....

I did that too, no root login and every time I have to su from normal user.
It is a pain to work with especially with having to use full pathnames for
commands instead of say just doing a "service httpd restart". But I figured
it was better safe than sorry and as well as I can do since I could not
figure out how to properly create a self-signed SSL cert.

> Remember to reinstall from scratch if your server has been compromised
> - there are thousands of dark dusty corners for the bugs to hide, once
> they're inside, so don't expect to be able to flush them out.

Well, the thing is I'm not sure if it's compromised since now it became
obvious that the iptables is just being reset by the apf settings.. which is
at the moment a good thing since on reboot, apf re-added the lines to
disable the firewall every 5 minutes so I'm able to get back into the

Now I just have to figure out where exactly can I add the block for the
offending VNSL IP address and have it work without choking up. However, I
decided to try whatever it is on Saturday so clients won't be hopping mad
why everything's dead.
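
Added example, not part of the original thread: a small check for which PermitRootLogin setting from the quoted advice is actually in effect in an sshd_config file. sshd uses the first occurrence of a keyword, so a hardening line appended below an earlier one is silently ignored. The function names and the sample file are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): read the effective global value of an
# sshd_config keyword and classify PermitRootLogin.
# Assumptions: plain "Keyword value" lines (no "Keyword=value" form, no
# quoting, no Include files); lines after the first "Match" are conditional
# and are ignored here.

# sshd takes the FIRST occurrence of a keyword; keywords are case-insensitive.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }              # end of the global section
        key == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

root_login_verdict() {  # usage: root_login_verdict FILE
    case "$(sshd_effective "$1" PermitRootLogin)" in
        no)                                 echo "root-login-disabled" ;;
        # prohibit-password is the newer name for without-password
        without-password|prohibit-password) echo "root-key-only" ;;
        forced-commands-only)               echo "root-forced-commands-only" ;;
        yes)                                echo "root-password-allowed" ;;
        unset)                              echo "compiled-in-default-applies" ;;
        *)                                  echo "unrecognised-value" ;;
    esac
}

# Constructed sample: a hardening line appended at the END of a file that
# already sets the keyword earlier, so the appended line has no effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
permitrootlogin yes
# hardening added later:
PermitRootLogin no
EOF
echo "effective PermitRootLogin: $(sshd_effective "$sample" PermitRootLogin)"
echo "verdict: $(root_login_verdict "$sample")"
rm -f "$sample"
```

On a live host, `sshd -T` prints the configuration sshd itself resolves and is the authoritative check.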