SE Linux systems not vulnerable
SE Linux systems not vulnerable
Posted Nov 10, 2005 15:40 UTC (Thu) by drag (guest, #31333)In reply to: SE Linux systems not vulnerable by copsewood
Parent article: A Linux worm on the loose?
If you were running your server in a Xen domain it still would of been taken over. It just would of only taken over that paticular host.
How is that so much better then running a dedicated box for webhosting?
Xen and such is nice because you can acheive the same effect as hosting in a dedicated box on a box that can do lots of different things.
You see Xen and virtualization doesn't realy improve security, it just makes it easier to reduce the effect of having your security comprimised. And still with a machine rooted in your network, even if it's running in a virtual box, it's going to make it just that much easier for the attacker to take over any other boxes on that network.
Now on the other hand if you were running SELinux it would of just stopped it from doing anything, including taking over your Xen host.
Now of course the smartest thing would of been just to stay the hell away from PHP. This isn't the first worm out there in the wild exploiting vunerabilities in PHP, and it won't be the last. If your going to use it then at least keep it up to date religiously.
In fact it's kinda irritating. Linux had it's only viruses and only worm problems previously back when we had Redhat doing insane stuff like enabling all services in Redhat 6-7.x by default. Since then there hasn't been any problems like this even with vastly increased popularity in Linux/Redhat stuff.
Hell even Microsoft figured this crap out!
So if they, and most everybody else, has learned their lessons.. then why are people still running around with unpatched web-facing servers? Anybody running a webserver in a unpatched state realy realy needs to be hit by a big-ol' clue stick.
The term 'Complete Morons' come to mind as well as numerious other phrases best left unsaid. It's just making life harder for everybody else.
Oh, and if your server has been rooted. Format and reinstall. That's the only solution. Otherwise your going to be running a comprimised server and there isn't anything you can do about it.