[nycbug-talk] Searching for suspect PHP files...
Marc Spitzer
mspitzer at gmail.com
Tue Mar 10 23:51:09 EDT 2009
On Tue, Mar 10, 2009 at 6:35 PM, Matt Juszczak <matt at atopia.net> wrote:
>> Just a handy tip...
>
> Good pieces of advice. At this point, I'm implementing mtree for my new
> server deployments, but I still wish there was a way to somehow check if
> my FreeBSD 6.3-RELEASE machine has been compromised.
Well, if it really is keeping you up at night you can do the following:
1: reinstall the box from CDs, feel free to make your own if you want
2: only install binaries that you have already checksummed on your system
3: set up an NMS station and monitor all your traffic
4: host based IDS
5: rewrite all your PHP code in something safer, say Haskell.
6: learn all the things you don't know yet to do all of the above
This is a huge investment in time that does not advance the business
or
accept the fact that you may have a problem down the road and get
on with your day. Security is like insurance, it's not how much I want,
it's how much do I want to pay for.
This does not mean you do not take reasonable precautions to minimize
your risk, i.e. mtree, dir tree in temp, running apache/web in a zone and
the list goes on. But before you start down the security rabbit hole
set up a budget X dollars or Y hours for setup/training and Z hours
for monitoring daily/weekly. Then do as much security as you can
afford.
Thanks,
marc
--
Freedom is nothing but a chance to be better.
Albert Camus