You are absolutely correct we are using LAMP, Apache, MySQL, PHP. I was playing around with WAMP for a while but could not get it to work and finally gave up and went to CentOS.
Interesting our new website is being developed in Drupal (not the e-commerce site) and I like what I see so far. Yes thanks for the advice, I will definitely get the needed info from the developer. SJ On Thu, Mar 3, 2011 at 4:50 PM, Steven Peck <[email protected]> wrote: > At a guess you are getting some LAMP based app. > > I am going to take some liberal guesses here. At a high level you most > likely has some web based front end, a script language, a database and > certificates for SSL. Most web based front ends can have something that > just copies the files. Make sure you identify the configuration file which > contains the database pointers and accounts as it generally is where issues > occur. These scripts are generally static so once you have them secure it's > not all that annoyuing to replace them on a different ssytem. There are any > number of tools to dump the database to flat file (MySQL / PostGRE being the > most popular databases for this). Then that database backup should end up > somewhere. > > Being able to grab this stuff will help with building out a test site > elsewhere for future development and testing upgrades of... OS, scripting > language (php, perl, python, etc) database, web server (Apache)..... :) > > In general this stuff is fairly simple once you have a documented handle on > it. Developers tend to neglect this aspect. One of your hopes is that they > are building this off of an available toolkit or CMS. If they are, then > someone should be on that tool kits security alert list, especially > considering eCommerce and your companies reputation. I spent a lot of years > in the Drupal community building out this awareness with the developers and > documentation so am familiar with the slight learning curve you see yourself > in front of. It's not that bad but make them do the work of documenting the > app and it will make your life significantly easier. > > Have fun. > > > Steven Peck > http://www.blkmtn.org > > > > > On Thu, Mar 3, 2011 at 1:15 PM, Stefan Jafs <[email protected]>wrote: > >> Point, well taken, sometimes you are too close to the issue and don't >> think clearly. >> >> Obviously it should (will be) part of the acceptance of the software to >> document a proper backup procedure. >> >> >> >> Thanks for pointing it out. >> >> On Thu, Mar 3, 2011 at 4:03 PM, Steven Peck <[email protected]> wrote: >> >>> Why does the the developer get to dictate... oh never mind. >>> >>> Tell the developer that you need a backup/restore plan as part of the >>> turn over to production and have such documentation be added to the scope of >>> work for (his buddy :) the consultant along with an actual test of the >>> backup restore plan. >>> >>> Don't try and blindly design the plan yourself, make the people who put >>> you in the corner responsible for deliverable along with you. You are also >>> going to need a plan for updating CentOS in a manner that won't break your >>> application too so I'd get that documentation as well while you're at it. >>> Despite many myths, Linux has security and software updates as well. >>> >>> As to the VMware backup being enough? Might be, but how will you know >>> without a documented backup/restore plan of the application itself? >>> >>> Steven Peck >>> http://www.blkmtn.org >>> >>> >>> >>> On Thu, Mar 3, 2011 at 12:45 PM, Stefan Jafs <[email protected]>wrote: >>> >>>> Ok, I’m venturing into the big unknown . . . . . . . world of Linux >>>> and the reason is, we are setting up an e-commerce site and the developer >>>> insists on using Linux for the webserver. So I hired a consultant and had >>>> the server up and running in an afternoon and they are now loading the web >>>> software as we speak. >>>> >>>> >>>> >>>> So my question is about backup. I’m running this in VMware 4.0 and my >>>> backup Software is BackupExec 2010 R2. I have the Agent for VMware >>>> infrastructure and can back up the VM that way, just did it and it worked. >>>> >>>> Now my question is would this snapshot backup be sufficient or should I >>>> get the Agent for Linux and be able to do an GRT backup? >>>> >>>> >>>> >>>> What are your suggestions? >>>> >>>> >>>> -- >>>> Stefan Jafs >>>> >>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>> >>>> --- >>>> To manage subscriptions click here: >>>> http://lyris.sunbelt-software.com/read/my_forums/ >>>> or send an email to [email protected] >>>> with the body: unsubscribe ntsysadmin >>>> >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> --- >>> To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> or send an email to [email protected] >>> with the body: unsubscribe ntsysadmin >>> >> >> >> >> -- >> Stefan Jafs >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > -- Stefan Jafs ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
