Hey all,
So after being a longtime lurker, I'm ready to make my first post. I was kinda hoping it could be something that was a story, but circumstances conspire against me...
Here's the deal - I work as a developer/sysadmin in a small software shop. I started working in October, and got thrown into a project that has consumed all my time. So I haven't had time to familiarize myself with all of our systems yet (I know, bad me). I also happen to be the most experienced sysadmin/developer. Yikes.
The previous sysadmin left a bunch of things that work that I consider to be messes. One of these is the security (or lack thereof...) on our servers. All of our servers are public facing (about half the employees work from home) so these should be locked down, right? Wrong. They depend on the daemons being secure and depend on user permissions working. There isn't any intrusion detection software.
This all came to a boil on Friday - our upstream network let us know that our SVN server had been running software without our knowledge. (This is when I was made aware of the lack of security.) I'm still hunting down and removing all of it, but I'm recommending to my boss a complete rebuild of the machine. I have a list of all the security software I want to use, but I was wondering if any of the (more experienced than I am) sysadmins know of anything I've missed.
For the record, we're currently running FreeBSD, but I want to move to Hardened Gentoo (preferably) or OpenBSD.
Here's my list so far:
SELinux/grsecurity (Any recommendations on which?)
PaX (http://www.gentoo.org/proj/en/hardened/primer.xml)
Tripwire (http://sourceforge.net/projects/tripwire/)
Bastille (http://www.bastille-unix.org/)
ClamAV (?) (http://www.clamav.net/lang/en/)
And the normal firewall, lock down user privileges, strong passwords, etc.
I very much welcome your recommendations,
pitchpole