[CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

Wed Jun 3 14:47:38 UTC 2009
Ross Walker <rswwalker at gmail.com>

On Wed, Jun 3, 2009 at 9:22 AM, Linux Advocate <linuxhousedn at yahoo.com> wrote:
>
> I am not worried about reinstalling (I loathe doing it) but my worry here (as some of you have accurately pointed out) is that the 'issue' will repeat again because I just don't know what happened. I'm just surprised that a CentOS box was compromised.
>
> The box is unplugged now.
>
> Any more ideas?

Keep the old OS data for forensic analysis, but build a fresh install
with only the essential services needed to host the web site, not
manage it.

It may be a lot of work, but going forward think about using Xen PV
domains for the edge web hosts on vlans in a dmz.

You can mount the web data via a read-only NFS share through the DMZ
firewall, and have 2 hosts balanced and a 3rd as a "hot-spare" host in
case any of the first two get compromised. Even better, build a web
host image, take LVM snapshots of it and have Xen boot those!

Software inherently has bugs, and some of those bugs will lead to
security compromises. Keep your software up to date, only install
necessary services, build your security in layers and have a backup
plan.

-Ross
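
One way to check the read-only NFS export suggested in the message above, as an added example that is not part of the original post: a small Python audit of `/etc/exports` text that flags entries a DMZ web host could write to. The paths and host names in the sample are constructed, and the parser assumes unquoted paths without spaces.

```python
# Constructed sample /etc/exports content; paths and host names are hypothetical.
SAMPLE_EXPORTS = """\
# web content exported to the DMZ web hosts
/srv/www/site   web1.dmz.example(ro,root_squash) web2.dmz.example(ro)
/srv/www/upload web1.dmz.example(rw,sync)
/srv/www/admin  web3.dmz.example(ro,no_root_squash)
/srv/www/static web1.dmz.example (rw)
"""


def parse_exports(text):
    """Yield (path, client, options) for every client entry in exports text."""
    logical = text.replace("\\\n", " ")            # join backslash-continued lines
    for raw in logical.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        path = fields[0]
        for field in fields[1:]:
            client, _, rest = field.partition("(")
            opts = [o for o in rest.rstrip(")").split(",") if o]
            # A bare "(opts)" field has no client name: it applies to every host.
            # This is what "host (rw)" with a stray space produces.
            yield path, client or "*", opts


def audit_exports(text):
    """Return (path, client, problem) tuples for exports that are not read-only."""
    findings = []
    for path, client, opts in parse_exports(text):
        if "rw" in opts:                           # ro is the default when unset
            findings.append((path, client, "rw"))
        if "no_root_squash" in opts:               # root_squash is the default
            findings.append((path, client, "no_root_squash"))
        if client == "*":
            findings.append((path, client, "exported to all hosts"))
    return findings


if __name__ == "__main__":
    for path, client, problem in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: {problem}")
```

The last sample line shows the stray-space case: `web1.dmz.example (rw)` leaves web1 on the read-only default and grants read-write to every other host.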