On 08/04/07, Josh Zlatin-Amishav <[EMAIL PROTECTED]> wrote:
> On Sun, 8 Apr 2007, Ori Idan wrote:
> > What should I do to prevent such hacks in the future?
>
> There are lots of things you can do, like keep software up to date, remove unneeded services, audit web applications for flaws (though I am kind of partial to the last one ;)
Sticking to supported versions is rule number one in production networks (and plan ahead to switch to a later version well before the current one you use gets EOL'ed). As far as I'm aware FC is just a beta for RedHat and I'm not even sure they promise to issue security patches for it. By "supported" I mean that the distro vendor promises to track the relevant security vulnerabilities in the included software and issue patched packages in a timely manner.

Keeping services jailed would help too (even a simple chroot could help here) and generally segregated - minimizing the amount of code running as root, possibly running web apps in their own user id, having firewalls on the server in addition to the network firewalls.

Preparing to be able to re-build the machine from scratch (not just backups, but an automatic way to install the OS, all necessary packages and configuration files) would also help you just re-install a compromised system - because you can never know what easter egg your friendly neighborhood hacker has left behind.

(Again - I'm not quite familiar with FC or RH but Debian makes all these suggestions uber easy).

Lots more, depending on particular setup.

--Amos
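An added illustration, not part of the original thread, of the advice to minimize the code running as root: the function below joins socket and process listings and reports every non-loopback listener owned by root, giving a review list of services that may deserve their own user id. The function name and the sample data are constructed for this example; the input formats assume `ss -H -ltnp` and `ps -eo pid=,user=,comm=`.

```shell
#!/bin/sh
# Constructed sample input. On a live host, capture the real thing with:
#   ss -H -ltnp              (run as root so owning pids are shown)
#   ps -eo pid=,user=,comm=
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("httpd",pid=1040,fd=4))
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=977,fd=21))
LISTEN 0 100 0.0.0.0:8080 0.0.0.0:* users:(("webapp",pid=1201,fd=6))'

SAMPLE_PS='  812 root     sshd
  977 mysql    mysqld
 1040 root     httpd
 1201 webapp   webapp'

# root_listeners SS_OUTPUT PS_OUTPUT
# Prints "local-address command pid" for each listening socket whose
# owning process runs as root and is reachable from off the host.
# Some entries (sshd, for instance) legitimately need root; the output
# is a list to review, not a list of faults.
root_listeners() {
    {
        printf '%s\n' "$2"     # process table first
        echo '--'              # separator between the two listings
        printf '%s\n' "$1"     # then the socket table
    } | awk '
        $0 == "--" { in_ss = 1; next }
        # Process table: remember owner and command name per pid.
        !in_ss     { owner[$1] = $2; name[$1] = $3; next }
        # Socket table: ignore sockets bound to loopback only.
        $4 ~ /^(127\.|\[::1\])/ { next }
        match($0, /pid=[0-9]+/) {
            pid = substr($0, RSTART + 4, RLENGTH - 4)
            if (owner[pid] == "root") print $4, name[pid], pid
        }'
}

# Stand-alone run over the constructed sample.
root_listeners "$SAMPLE_SS" "$SAMPLE_PS"
```
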