On May 21, 3:26 pm, Chris Miller <[email protected]> wrote: > Along those lines, SELinux/AppArmor are good tools to help lock down > attack vectors. They are a way of further securing your system from > remote code injection exploits. For instance, I had an old box running > SELinux that prevented Apache processes from editing anything outside > of /var/www, and anything that wasn't in /var/www/cgi-bin wouldn't > execute at all. People could upload things to the site, sure. But > that'd put the file in /var/www/sitename, so it would never be able to > execute (which was limited to cgi-bin). > > Things like that can help. > > Altering the ports can help, too. Change the SSH port, which will > dodge a lot of attacks that aren't specifically targeted at you.
I'll look in to that, thanks. > > At the end of the day, however, every machine is hackable. If you have > physical access to a box, it's really trivial to get access. So, I'd > suggest the following: > > * Secure it as much as you want. > * Keep REGULAR backups off-site (or at least on a different machine). > > A computer's operating environment can be rebuilt easily, especially > if you keep good documentation of how you set it up. > > Your data cannot be rebuilt. (So, backup data, but not application > files. For instance, if I'm using WordPress, backup > wp-content/uploads, but nothing else). SQL backups are nice, too. > > If you have the space, make full image backups. I used to have an > awesome backup script that would save my whole web server's state with > a single command:http://fsdev.net/articles/Redmine-Install-Guide.html#backups > > So I guess what I'm trying to say is that security is good, but it's > also not a replacement for backups. If you have both, you should be > fairly well covered. > > Oh, dont worry; I back up all files as I go. My main concern is protecting online passwords. -- You received this message because you are subscribed to the Linux Users Group. To post a message, send email to [email protected] To unsubscribe, send email to [email protected] For more options, visit our group at http://groups.google.com/group/linuxusersgroup Please remember to abide by our list rules (http://tinyurl.com/LUG-Rules or http://cdn.fsdev.net/List-Rules.pdf)
