  1. #1
    Just Joined!
    Join Date
    Feb 2007
    Posts
    24

    What to do?


    Dear All,

    What do I need to do when I get back the maintenance from a vendor?

    Before that, the server was maintained by the vendor, so he can access it remotely.

    Besides closing his account and changing the root password, what should I do?

    How can I prevent a "backdoor" he created from giving access to the server?

    thanks

  2. #2
    Linux Guru anomie's Avatar
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    If you've already sent it to the vendor it is too late. If you want to be able to trust your system you're going to need to reinstall from scratch.

    Next time:
    • Use a HIDS like aide to capture information on binaries and config files while it is in a trusted state (aide's default configuration is pretty useful). Keep its database on separate media; do not leave it on the server itself. After you get the server back you'll run integrity tests.
    • Save the output of ps -efww on a normal day. Keep it on separate media. You'll compare this afterwards.
    • Save the output of netstat -atun on a normal day. Same deal as above.
    • Save the output of iptables -nvL. Same deal as above.
    • Run rkhunter afterwards.


    The aide application will go a long way in catching anomalies. The other steps should be good sanity checks. Even after all this your box can't be 100% trusted until you reinstall from scratch. It all comes down to your level of comfort with the vendor and the importance of your data/services.
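
The baseline-and-compare steps from the post above (`ps -efww`, `netstat -atun`, `iptables -nvL`), as an added example that is not part of the original thread. It normalises each output before saving so that a later diff is not drowned in PIDs, client connections and packet counters; the function names and the paths in the usage comment are assumptions, and the aide and rkhunter steps are not covered.

```shell
#!/bin/sh
# Added example: normalise the three snapshots so a diff shows real changes only.
# Assumes procps "ps -ef" and net-tools "netstat" column layouts.

# ps -efww: keep UID and full command; PID, STIME and TIME differ on every run.
norm_ps() {
    awk 'NR > 1 { out = $1; for (i = 8; i <= NF; i++) out = out " " $i; print out }' |
        sort -u
}

# netstat -atun: keep listeners and unconnected UDP; client connections come and go.
norm_netstat() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" { print $1, $4 }
         $1 ~ /^udp/ && $5 ~ /:\*$/    { print $1, $4 }' | sort -u
}

# iptables -nvL: drop the packet/byte counters, keep rule order (order matters).
norm_iptables() {
    awk '/^Chain/ { sub(/ [0-9]+[KMG]? packets, [0-9]+[KMG]? bytes/, ""); print; next }
         $1 == "pkts" || NF == 0 { next }
         { $1 = ""; $2 = ""; sub(/^ +/, ""); print }'
}

# snapshot DIR: run the commands from the post, store normalised output in DIR.
snapshot() {
    mkdir -p "$1" || return 1
    ps -efww      | norm_ps       > "$1/ps.txt"
    netstat -atun | norm_netstat  > "$1/netstat.txt"
    iptables -nvL | norm_iptables > "$1/iptables.txt"
}

# compare BASELINE_DIR CURRENT_DIR: print unified diffs, return 1 on any change.
compare() {
    rc=0
    for f in ps.txt netstat.txt iptables.txt; do
        diff -u "$1/$f" "$2/$f" || rc=1
    done
    return "$rc"
}

# Usage (paths are placeholders): sh script snapshot /mnt/usb/baseline
#        later:                   sh script compare /mnt/usb/baseline /tmp/now
case "${1:-}" in
    snapshot) snapshot "$2" ;;
    compare)  compare "$2" "$3" ;;
esac
```

Point the snapshot directory at the separate media the post calls for, so the baseline cannot be altered from the server itself.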

  3. #3
    Just Joined!
    Join Date
    Feb 2007
    Posts
    24
    Quote Originally Posted by anomie View Post
    If you've already sent it to the vendor it is too late. If you want to be able to trust your system you're going to need to reinstall from scratch.

    Next time:
    • Use a HIDS like aide to capture information on binaries and config files while it is in a trusted state (aide's default configuration is pretty useful). Keep its database on separate media; do not leave it on the server itself. After you get the server back you'll run integrity tests.
    • Save the output of ps -efww on a normal day. Keep it on separate media. You'll compare this afterwards.
    • Save the output of netstat -atun on a normal day. Same deal as above.
    • Save the output of iptables -nvL. Same deal as above.
    • Run rkhunter afterwards.


    The aide application will go a long way in catching anomalies. The other steps should be good sanity checks. Even after all this your box can't be 100% trusted until you reinstall from scratch. It all comes down to your level of comfort with the vendor and the importance of your data/services.
    Thanks anomie,

    I don't think I can reinstall from scratch.
    Let me explain my problem:

    Before I joined the company, the server (jz or web server) was maintained by a vendor. There are two servers: one is for the intranet, and the other for internet access. But now the plan is to take back all maintenance service and do it on our own.

    I can't even shut down the server and reinstall from scratch, because there are a lot of web applications running and accessed by users all over the world.

    What's more, they don't have a backup server for it.

    Can you provide me some more advice for my problem?

    thanks.

  5. #4
    Linux Guru anomie's Avatar
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    I have to stick with what I said earlier. If you can't install from scratch, you don't have a trusted box. Your company needs to weigh those potential risks with availability requirements.

    Going OT with your latest question...

    Some other things your company needs to consider:
    • A failover box (or at least a cold spare) so that if the primary fails you can re-establish service without having to wait for hardware repairs or replacements.
    • A regular maintenance window -- a time when it is acceptable for you to make changes / patches.
    • A testing environment. If you have a cold spare, it could do double-duty as a test box if you're on a tight budget.
    • Regular backups! C'mon, they should know better.


    Fact of life: hard drives fail, PSUs fail, RAM fails, [insert_component_here] can fail.

  6. #5
    Just Joined!
    Join Date
    Feb 2007
    Posts
    24
    Quote Originally Posted by anomie View Post
    I have to stick with what I said earlier. If you can't install from scratch, you don't have a trusted box. Your company needs to weigh those potential risks with availability requirements.

    Going OT with your latest question...

    Some other things your company needs to consider:
    • A testing environment. If you have a cold spare, it could do double-duty as a test box if you're on a tight budget.
    I will set one up soon for testing the web application system.

    Quote Originally Posted by anomie View Post
    I have to stick with what I said earlier. If you can't install from scratch, you don't have a trusted box. Your company needs to weigh those potential risks with availability requirements.

    Going OT with your latest question...

    Some other things your company needs to consider:
    • A failover box (or at least a cold spare) so that if the primary fails you can re-establish service without having to wait for hardware repairs or replacements.
    • A regular maintenance window -- a time when it is acceptable for you to make changes / patches.
    I do not catch what you mean.

    Quote Originally Posted by anomie View Post
    I have to stick with what I said earlier. If you can't install from scratch, you don't have a trusted box. Your company needs to weigh those potential risks with availability requirements.

    Going OT with your latest question...

    Some other things your company needs to consider:
    • A failover box (or at least a cold spare) so that if the primary fails you can re-establish service without having to wait for hardware repairs or replacements.
    • A regular maintenance window -- a time when it is acceptable for you to make changes / patches.
    • A testing environment. If you have a cold spare, it could do double-duty as a test box if you're on a tight budget.
    • Regular backups! C'mon, they should know better.


    Fact of life: hard drives fail, PSUs fail, RAM fails, [insert_component_here] can fail.
    Quote Originally Posted by anomie View Post
    I have to stick with what I said earlier. If you can't install from scratch, you don't have a trusted box. Your company needs to weigh those potential risks with availability requirements.

    Going OT with your latest question...

    Some other things your company needs to consider:
    They are scheduling the backup system for the database, but all data is still saved on the server itself.


    Quote Originally Posted by anomie View Post
    I have to stick with what I said earlier. If you can't install from scratch, you don't have a trusted box. Your company needs to weigh those potential risks with availability requirements.

    Going OT with your latest question...

    Some other things your company needs to consider:
    • A failover box (or at least a cold spare) so that if the primary fails you can re-establish service without having to wait for hardware repairs or replacements.
    You mean another server with the same settings as the existing one?

    Thanks for your reply.

  7. #6
    Linux Guru anomie's Avatar
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    Quote Originally Posted by chusoon
    You mean another server with the same settings as the existing one?
    Yes - same hardware, same OS/version, same packages/versions, etc. You can even sync user data (or other volatile data that should be in sync) nightly.

    The idea is to minimize downtime when a component fails on your primary server.

  8. #7
    Just Joined!
    Join Date
    Jun 2005
    Location
    iowa
    Posts
    64

    trust

    I cannot believe you don't trust your vendor... this is coming from a computer store owner a few years back!!!

    All important info (data) should be done on a stand-alone system with a backup removable hard drive or tape drive and/or encrypted up to an off-site storage drive.

    Pay the vendor... trust the vendor. He is the pro!!!!
