I run my own web server and have done so for a number of years.  The OS
is Mandriva Server 3 which is now 3 years old but still supported and I
keep it fully patched and up to date.  I receive the security advisories
and act within hours on those.  I have recently updated OpenSSH.  I am
planning to change to CentOS 5.1 in a few weeks.

My router only has the necessary ports open for mail, ssh and web.  FTP
is blocked and the service does not run on the box. I run ssh through a
non-standard port (externally) and use normal password authentication.
The ssh config file does not allow root logons and through hosts
allow/deny, only my work IP address and internal network addresses are
allowed access.  The IP-based access has been tested and is known to
work.  My passwords are strong and changed every six weeks.  The system
uses msec which trolls the folders and changes permissions back to
defaults on critical files/folders every one minute.

I run logwatch and read the report diligently each day.  Msec also
delivers a report daily on files which have changed and ports which have
been opened/closed.  Over the last year or so, the following message has
appeared in my logs a few times, and it has caused me concern.

!!!! 1 possible successful probes 
    /long_path_to_file/../../../etc/passwd HTTP Response 200 

With the environment (described above) in place, should I be worried or
should I be confident that I have taken every precaution I can take?

Regards,

Rick

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
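
A triage sketch for the logwatch line quoted in the message above, added here as an example and not part of Rick's post: it pulls the 2xx requests whose decoded target contains ../ and etc/passwd out of an Apache-style access log and compares each response size with the size of the server's own /etc/passwd. The log lines, addresses and the passwd_size value are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Apache common/combined format: host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def decode(target):
    """Percent-decode up to three times so %252e%252e is seen as '..' too."""
    for _ in range(3):
        nxt = unquote(target)
        if nxt == target:
            break
        target = nxt
    return target

def triage(lines, passwd_size=None):
    """Return one record per 2xx request that targets etc/passwd via '../'.

    passwd_size is an assumption: the operator passes the byte size of the
    server's own /etc/passwd (for instance from os.path.getsize).
    """
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        target = decode(m["target"]).replace("\\", "/")
        status = int(m["status"])
        if "../" not in target or "etc/passwd" not in target:
            continue
        if not 200 <= status < 300:
            continue  # 4xx/5xx: the probe was refused
        size = 0 if m["size"] == "-" else int(m["size"])
        if passwd_size is not None and size == passwd_size:
            verdict = "body size equals /etc/passwd: treat as disclosure"
        else:
            verdict = "2xx but size differs: compare with a normal page"
        hits.append({"ip": m["ip"], "target": target, "status": status,
                     "size": size, "verdict": verdict})
    return hits

# Constructed sample lines, not taken from the poster's server.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2008:04:11:02 +1100] "GET /gallery/index.php?page=../../../etc/passwd HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Mar/2008:04:11:03 +1100] "GET /cgi-bin/view/..%2f..%2f..%2fetc/passwd HTTP/1.1" 404 310',
    '198.51.100.9 - - [12/Mar/2008:09:30:00 +1100] "GET /docs/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.0" 200 1873',
    '192.0.2.10 - - [12/Mar/2008:09:31:00 +1100] "GET /index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE, passwd_size=1873):
        print(hit["ip"], hit["status"], hit["size"], hit["target"], "->", hit["verdict"])
```

A 200 whose size matches an ordinary page on the site usually means the application ignored the traversal string and served its normal content; a size match with /etc/passwd is the case to investigate first.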
