Linux guru (Vlad?)
Posted: Fri Feb 20, 2009 12:10 am
Figured I'd throw that name in there seeing as he is almost always the one who replies.
Sorry buddy if that makes you uncomfortable or anything.
Anyone else listening is welcome to chime in of course.
Basically I have walked into a situation where this organization manages their physical servers and, I suppose, buys the uplink from an ISP to support hosting a web site completely in house, somewhat different from me, where I am used to working with dedicated servers at most.
Issue 1: They are running Ubuntu Server and while that's fine I think they'd be better off running Debian reduced to nothing more than a web server, and I am more familiar with Debian as well.
Problem is, the server is "live" so I cannot just reformat everything, drop the partitions, re-install Debian and AMP software and then wrestle with the codebase getting it configured. My biggest fear though, is that the internal DNS servers might trip me up, unless we use some third party DNS.
In the process of switching to Debian I am going to disable remote root login, force sudo and keep logs for everything (Apache, Linux, shell history?, PHP), hopefully find some tools to help us analyze data and determine any exploit vectors, etc.
Disabling error reporting, setting permissions, limited user accounts, all these things are trivial...
I know that dedicated hosts usually offer firewalls for additional security; can we do something similar inside our own network, and how would that work? The firewall should only allow HTTP responses if the matching HTTP request has been found, anything we can do to prevent DoS, etc. Where would a firewall sit in this kind of setup? Separate computer, or would I set up IP table firewalls on the Live server?
Just a few questions I have for now, more will come later.
Thanks for the replies in advance
Cheers,
Alex