[Linux-Discussion] Re: Updating a RedHat 6.1 box quickly

  • From: Lynn Anderson <landerso@xxxxxxxxxx>
  • To: linux-discussion@xxxxxxxxxxxxx
  • Date: Wed, 19 Sep 2001 19:13:39 -0400

John Lewis wrote:
> I've inherited a default RedHat 6.1 box that's been running a basic website
> and email accounts for a non-profit for the past year or so.  I'm no expert,
> so would love some advice to get the box up to date, and secure...
> 
nmap the machine from a remote host to see how bad things are.  

> The box is at a remote site, so no xwindow's RedHat update.  Are you all
> aware of a command line interface version of RedHat Update that I could use
> to quickly update all of the packages on the server?
> 
I would leave it alone.  Look for stuff that's been patched up for
security reasons, but don't touch anything else.  The key to a stable
server: NEVER CHANGE ANYTHING.  Personally, for server duty, I find that
binary packages tend to get in the way.  Great for home use, but they
fall apart on a server.  Tend to break things randomly and don't give you
a lot of opportunity to test before doing a full switchover.  See, with
say Apache source, you can build a copy, set it up isolated in its own
dir, pull it up on a strange port, test that it works, then just do a
mass-copy changing only the port number that it listens on.  With a
binary package, you can't do that (at least not without a great deal of
struggle).  The OS just blasts away the old binaries and pulls it up
with the new and you cross your fingers and hope it works.  Also, if you
build your own from source, you KNOW what is going on with that machine.

> Also, what would be the best way to determine if it has been compromised in
> any way?
> 
Review the logs, look for suspicious things.  Check the passwd file for
accounts with dup'ed UIDs, look for odd directories with names like
".. " (yes, that's .. SPACE - rootkits like to hide in these); lrk5 is one
particular directory to look for.  That's for version 5 of the Linux
rootkit.  They will sometimes hide this stuff under /dev, so watch for
that.  Tell the users to use secure passwords, give the mail users a
home dir like /dev/null or a suitably disabling shell (I forget which, if
either, the POP-3 daemon reacts to, sometimes a ~ of /dev/null will
disable POP access on some servers - RTFM!!!).  DISABLE TELNET DISABLE
TELNET DISABLE TELNET.  Stick with ssh and cryptic passwords.  Buy an
O'Reilly book on system administration and one on security.  Read them.
Read them again.

A good sysadmin is always cautious, repetitive, predictable and fairly
paranoid.
-- 

"I am a riddle, wrapped in an enigma, wrapped in a question, wrapped in
a chewy caramel coating."
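The two compromise checks Lynn describes (duplicate UIDs in the passwd file, and rootkit-style directory names such as ".. " or lrk5 hiding under /dev) as a small POSIX shell script. This is an added example, not part of the original post; it runs against a constructed passwd file and directory tree in a temp dir rather than a live system, so the user names and paths below are made up.

```sh
#!/bin/sh
# Added example, not from the original post: two of the compromise checks
# the reply describes, as shell functions exercised on constructed samples.

# Print each UID that appears on more than one passwd line.
# A second account carrying UID 0 is the classic backdoor to look for.
dup_uids() {
    cut -d: -f3 "$1" | sort -n | uniq -d
}

# Print directories under $1 whose names a rootkit might pick:
# dots followed by whitespace (".. "), three or more dots ("..."),
# or lrk followed by a version (lrk5). Ordinary dot-dirs like .ssh pass.
odd_dirs() {
    find "$1" -type d -print 2>/dev/null \
        | grep -E '/\.+[[:space:]]+$|/\.{3,}$|/lrk[0-9]+$' \
        | sort
}

# --- constructed sample data (not from any real system) ---
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
PASSWD="$SAMPLE/passwd"
cat > "$PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
webuser:x:500:500::/home/webuser:/bin/bash
toor:x:0:0::/tmp/.x:/bin/bash
EOF
mkdir -p "$SAMPLE/dev/.. " "$SAMPLE/dev/lrk5" \
         "$SAMPLE/home/webuser/.ssh" "$SAMPLE/etc"

echo "duplicate UIDs:";          dup_uids "$PASSWD"   # prints 0
echo "suspicious directories:";  odd_dirs "$SAMPLE"   # dev/.. and dev/lrk5
```

Point the two functions at /etc/passwd and / (or just /dev) to run the same checks on a real box; the grep pattern is only a starting list, not an exhaustive one.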