On Feb 3, mailings - kunstwerke.designs <mailings@kunstwerkedesigns.de> wrote:
Hi People,
need some advice in securing two suSe Linux 8.2 Server which should communicate through a remote Shell running on wwwrun ( PHP driven ). Servers are both secured with portsentry.
I don't really understand what you mean by "php driven remote shell". Can you tell us the software that you are using?
I am using a PHP Script i wrote to connect via ssh from a website on my Webserver to the remote one. Its only a process opened via proc_open() in PHP with which i join the shell remotely from my webserver using ssh2.
Any hints / advices what else i should do to keep the risk down to a minimum?
I would at least install a custom kernel with grsecurity patch, forbid users to see processes of other users and enable as many of the other security options as possible (some break e.g. java, so watch out). Of course, always watch your logfiles (logcheck) and apply security updates when they come out (fou4s).
Markus
Got to read something more about grsec patch, nice idea. Thanks ben