Git Informed When Your Site Is Hacked

Posted: May 4th, 2009 | Author: Jerod | Filed under: Git | Tags: security | View Comments

Good security require defense in depth. The more security layers you add, the harder it is to subvert them all. Here is a reactionary layer you can add to your security practices.

The only thing worse than getting hacked is getting hacked and not knowing it (or worse yet, having one of your clients inform you). Often times an attacker needs to add and/or change files on your site to accomplish their goal. Wouldn’t it be nice if something could inform you of unauthorized changes? Enter Git.

I will demonstrate using Git for change notification on a WordPress install using Ruby, but you can apply this principle in many scenarios (hmm, /etc…?).
Read the rest of this entry »

SliceHost + Debian + FireHOL gotchas

Posted: June 20th, 2008 | Author: Jerod | Filed under: Debian | Tags: firehol, security, slicehost | View Comments

Securing your slice with FireHOL is a really, really good move. Here are a few notes that may save you some time:

FireHOL requires a kernel config to know which modules to load, SliceHost uses Xen, so to get the kernel configuration in the right place, execute the following commands:
```
/proc/config.gz ~ && cd ~
gunzip config.gz && mv config /boot/config-`uname -r`
```
FireHOL ships with a safety net configured in /etc/defaults/firehol. It will not start until you edit this file and change this:
```
START_FIREHOL=NO
```
to this:
```
START_FIREHOL=YES
```

That should do it for gotchas. Now you can lock down your machine to assure you’re only serving what you expect. Fore more on configuring FireHOL, check out their online tutorial

blogt0sk1

with Jerod Santo

Git Informed When Your Site Is Hacked

SliceHost + Debian + FireHOL gotchas

Around The Web

Recommended Reading

Categories