I need to build out and update the docs on Drupal 7 and IIS now that it's released. ;) Drupal does have a security list and reports all vulnerabilities per their policy, also get familiar with drush for updating that one as it's much easier. There are eCommerce modules for Drupal, pity you are not going to have a unified solution. Best of luck getting everything setup and secured.
Steven Peck http://www.blkmtn.org On Fri, Mar 4, 2011 at 7:13 AM, Stefan Jafs <[email protected]> wrote: > You are absolutely correct we are using LAMP, Apache, MySQL, PHP. I was > playing around with WAMP for a while but could not get it to work and > finally gave up and went to CentOS. > > Interesting our new website is being developed in Drupal (not the > e-commerce site) and I like what I see so far. > > > > Yes thanks for the advice, I will definitely get the needed info from the > developer. > > > SJ > > On Thu, Mar 3, 2011 at 4:50 PM, Steven Peck <[email protected]> wrote: > >> At a guess you are getting some LAMP based app. >> >> I am going to take some liberal guesses here. At a high level you most >> likely has some web based front end, a script language, a database and >> certificates for SSL. Most web based front ends can have something that >> just copies the files. Make sure you identify the configuration file which >> contains the database pointers and accounts as it generally is where issues >> occur. These scripts are generally static so once you have them secure it's >> not all that annoyuing to replace them on a different ssytem. There are any >> number of tools to dump the database to flat file (MySQL / PostGRE being the >> most popular databases for this). Then that database backup should end up >> somewhere. >> >> Being able to grab this stuff will help with building out a test site >> elsewhere for future development and testing upgrades of... OS, scripting >> language (php, perl, python, etc) database, web server (Apache)..... :) >> >> In general this stuff is fairly simple once you have a documented handle >> on it. Developers tend to neglect this aspect. One of your hopes is that >> they are building this off of an available toolkit or CMS. If they are, then >> someone should be on that tool kits security alert list, especially >> considering eCommerce and your companies reputation. I spent a lot of years >> in the Drupal community building out this awareness with the developers and >> documentation so am familiar with the slight learning curve you see yourself >> in front of. It's not that bad but make them do the work of documenting the >> app and it will make your life significantly easier. >> >> Have fun. >> >> >> Steven Peck >> http://www.blkmtn.org >> >> >> >> >> On Thu, Mar 3, 2011 at 1:15 PM, Stefan Jafs <[email protected]>wrote: >> >>> Point, well taken, sometimes you are too close to the issue and don't >>> think clearly. >>> >>> Obviously it should (will be) part of the acceptance of the software to >>> document a proper backup procedure. >>> >>> >>> >>> Thanks for pointing it out. >>> >>> On Thu, Mar 3, 2011 at 4:03 PM, Steven Peck <[email protected]> wrote: >>> >>>> Why does the the developer get to dictate... oh never mind. >>>> >>>> Tell the developer that you need a backup/restore plan as part of the >>>> turn over to production and have such documentation be added to the scope >>>> of >>>> work for (his buddy :) the consultant along with an actual test of the >>>> backup restore plan. >>>> >>>> Don't try and blindly design the plan yourself, make the people who put >>>> you in the corner responsible for deliverable along with you. You are also >>>> going to need a plan for updating CentOS in a manner that won't break your >>>> application too so I'd get that documentation as well while you're at it. >>>> Despite many myths, Linux has security and software updates as well. >>>> >>>> As to the VMware backup being enough? Might be, but how will you know >>>> without a documented backup/restore plan of the application itself? >>>> >>>> Steven Peck >>>> http://www.blkmtn.org >>>> >>>> >>>> >>>> On Thu, Mar 3, 2011 at 12:45 PM, Stefan Jafs <[email protected]>wrote: >>>> >>>>> Ok, I’m venturing into the big unknown . . . . . . . world of Linux >>>>> and the reason is, we are setting up an e-commerce site and the developer >>>>> insists on using Linux for the webserver. So I hired a consultant and had >>>>> the server up and running in an afternoon and they are now loading the web >>>>> software as we speak. >>>>> >>>>> >>>>> >>>>> So my question is about backup. I’m running this in VMware 4.0 and my >>>>> backup Software is BackupExec 2010 R2. I have the Agent for VMware >>>>> infrastructure and can back up the VM that way, just did it and it worked. >>>>> >>>>> Now my question is would this snapshot backup be sufficient or should I >>>>> get the Agent for Linux and be able to do an GRT backup? >>>>> >>>>> >>>>> >>>>> What are your suggestions? >>>>> >>>>> >>>>> -- >>>>> Stefan Jafs >>>>> >>>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>>> >>>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>>> >>>>> --- >>>>> To manage subscriptions click here: >>>>> http://lyris.sunbelt-software.com/read/my_forums/ >>>>> or send an email to [email protected] >>>>> with the body: unsubscribe ntsysadmin >>>>> >>>> >>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>> >>>> --- >>>> To manage subscriptions click here: >>>> http://lyris.sunbelt-software.com/read/my_forums/ >>>> or send an email to [email protected] >>>> with the body: unsubscribe ntsysadmin >>>> >>> >>> >>> >>> -- >>> Stefan Jafs >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> --- >>> To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> or send an email to [email protected] >>> with the body: unsubscribe ntsysadmin >>> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin >> > > > > -- > Stefan Jafs > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
