On Thu, 2008-04-17 at 12:00 +1000, [EMAIL PROTECTED] wrote:
> I run my own web server and have done so for a number of years. The OS
> is Mandriva Server 3 which is now 3 years old but still supported and I
> keep it fully patched and up to date. I receive the security advisories
> and act within hours on those. I have recently updated OpenSSH. I am
> planning to change to CentOS 5.1 in a few weeks.
>
> My router only has the necessary ports open for mail, ssh and web. FTP
> is blocked and the service does not run on the box. I run ssh through a
> non-standard port (externally) and use normal password authentication.
> The ssh config file does not allow root logons and through hosts
> allow/deny, only my work IP address and internal network addresses are
> allowed access. The IP-based access has been tested and is known to
> work. My passwords are strong and changed every six weeks. The system
> uses msec which trolls the folders and changes permissions back to
> defaults on critical files/folders every one minute.
>
> I run logwatch and read the report diligently each day. Msec also
> delivers a report daily on files which have changed and ports which have
> been opened/closed. Over the last year or so I have had appear a few
> times, the following message in my logs and which has caused me concern.
>
> !!!! 1 possible successful probes
> /long_path_to_file/../../../etc/passwd HTTP Response 200
>
> With the environment (described above) in place, should I be worried or
> should I be confident that I have taken every precaution I can take?

Rick <smile> where do you keep the gold?

My system sounds like yours: www, mail, ssh on non-standard, no root
login. I made a complete disk backup on install (A WD raptor failed
after 3 years (warranty :-), so the backup was pressed into service).

But passwords are untouched after 5 years, updates happen 1 or 2 per
year, no other restrictions are enforced.

I sleep easy, knowing that worst-case is a disk swap and some pondering,
and I've 5 years of lolling on the beach while you fret over the logs ...

Of course if you're having fun then do enjoy.

James
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
