Hi Lisa,

This post was just the very basics. There will be several of us looking at the attack vector and logs. There are things I will not have control over and I have let my concerns (many of them you mentioned, it's good to know I am on the right track) be known to the hiring company.

Good point of using an alias.

I know that minimizing the attack vectors is generally best, that is why I would like to (if possible) eliminate one of the DBs. If not possible, secure both as well as possible.

On Wed, Jun 15, 2011 at 8:17 AM, Lisa Kachold wrote:

> Hi Steve!
>
> I would be very careful about specifics to a list; especially if you plan
> to later advertise you work there.
>
> Using another name or alias for security questions is generally best.
>
> See my suggestions below.
>
> On Tue, Jun 14, 2011 at 10:41 PM, Steve Phariss wrote:
>
>> I may have a job putting a compromised system back into production
>> (actually we are moving them from Ubuntu to a RHEL VM...)
>
> Be sure to do your feasibility research BEFORE making a technical
> recommendation. A feasibility plan takes into consideration ALL of the
> various daemons and services as well as other things which must connect and
> network (iSCSI for instance). What will you do if one of their programs
> (Mason-CM) won't work with RHEL VM?
>
>> I am still lacking some details but they are running apache, Mysql AND
>> Postgres, Drupal, and something called Mason-CM. I am not sure why
>> the two DBs but if there is not a good reason I will move them off of one or
>> the other.
>
> Mason-CM is required for one of their apps. You will break upwards
> compatibility if you move them. Run both.
>
>> Anyone have any good docs on securing Apache, Drupal, the DBs, or
>> Mason-CM?
>
> That's too blanket of a question. Apache/SSL/postgresql all have
> insecurities based on version.
> Everything can be "hacked" or configured just to work, not to work
> securely.
>
> Apache runs with many additional features, for instance mod-proxy.
> Drupal runs with third party contributed modules -- not all secure as the
> government learned last year in a famous hack.
> DB's are only as good as the underlying security model.
> Read the docs for Mason-CM (but again it's going to be dependent for sql
> injection protection on the underlying code base or app).
>
> The best I can suggest is to run Rapid7 Nexpose security scanner against
> your configuration and mitigate each thing one by one.
>
> But before you rebuild, you might take a minute to determine the "attack
> vector".
>
>> Thanks
>>
>> Steve
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> --
> (602) 791-8002 Android
> (623) 239-3392 Skype
> (623) 688-3392 Google Voice
> Server Engineer/Security Administrator
> HomeSmartInternational.com