securing a system

Lisa Kachold lisakachold at obnosis.com
Wed Jun 15 08:17:05 MST 2011 

Hi Steve!

I would be very careful about specifics to a list; especially if you plan to
later advertise you work there.

Using another name or alias for security questions is generally best.

See my suggestions below.

On Tue, Jun 14, 2011 at 10:41 PM, Steve Phariss <sphariss at gmail.com> wrote:

> I may have a job putting a compramised system back into production
> (actually we are moving them from Ubuntu to a RHEL VM...)
>

Be sure to do your feasibility research BEFORE making a technical
recommendation.   A feasibility  plan takes into consideration ALL of the
various daemons and services as well as other things which much connect and
network (iSCSI for instance).   What will you do if one of their programs
(Mason-CM) won't work with RHEL VM?

>
> I am still lacking some details but they are running apache, Mysql AND
> Postgres, Drupal, and something called  *Mason*-*CM.  I am not sure why
> the two DBs but if there is not a good reason I will move them off of one or
> the other.
> *


Mason-CM is required for one of their apps.  You will break upwards
compatibility if you move them. Run both.

> *
> Anyone have any good docs on securing Apache, Drupal, the DBs, or Mason-CM?
> *


That's too blanket of a question.  Apache/SSL/postgresql all have
insecurities based on version.
Everything can be "hacked" or configured just to work, not to work securely.

Apache runs with many additional features, for instance mod-proxy.
Drupal runs with third party contributed modules -- not all secure as the
government learned last year in a famous hack.
DB's are only as good as the underlying security model.
Read the docs for Mason-CM (but again it's going to be dependent for sql
injection protection on the underlying code base or app).

The best I can suggest is to run Rapid7 Nexpose security scanner against
your configuration and mitigate each thing one by one.

But before you rebuild, you might take a minute to determine the "attack
vector".

> *
> Thanks
>
> Steve
> *
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
(602) 791-8002  Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
*
*Server Engineer/Security Administrator
HomeSmartInternational.com <http://www.homesmartinternational.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20110615/7d8dfc39/attachment.html>

More information about the PLUG-discuss mailing list