I just sent a longer e-mail about Chef, but I forgot to add that while I like Chef, Puppet, CFEngine, etc. are all good products; what matters is having well-defined reproducible configurations.

--
Paul Mooring
Systems Engineer and Customer Advocate
www.opscode.com

On 3/11/13 2:30 PM, "Ed" wrote:

>On Mon, Mar 11, 2013 at 11:40 AM, Vimal Shah wrote:
>> Thank you for the advice. The necessary security layer that was missing has
>> been identified and is being incorporated.
>>
>> Deploying a server from scratch has been tedious (running each command
>> manually). Capturing all of these commands into a python script seems
>> obvious. The python script is slow to develop due to the fact that I'm
>> trying to learn it and code it at the same time.
>>
>
>look into cfengine to manage configurations - works with subversion too.
>1) makes deployment of servers or workstations very easy - and keeps them there
>2) dynamic reactions - can deploy/decommission depending on load
>
>> Has anyone had any experience with Vagrant? Is it worth the time to
>> investigate?
>>
>> Lastly, if anyone is available for some consulting on these matters (server
>> security and deployment), please contact me.
>>
>>
>> On Thu, Mar 7, 2013 at 4:25 PM, Paul Mooring wrote:
>>>
>>> It's likely that if he left that key in there with a valid e-mail address
>>> then whoever compromised the server wasn't trying to be discreet. I would
>>> check my auth logs to see when/if someone was logging in from somewhere
>>> suspect. Next if the server was compromised, it's done, you can never trust
>>> it again, no amount of clean up or post-mortem investigation can ever give
>>> reasonable confidence that there's no back door on it.
>>> Move the services
>>> and data and make a new server/clean install, then look very carefully at
>>> what attack vector was exploited and close it (like if it was brute force
>>> you should have ssh for root turned off, more restrictive firewall rules and
>>> ssh guard).
>>>
>>> Having a server compromised can be a huge headache, good luck.
>>> --
>>> Paul Mooring
>>> Systems Engineer and Customer Advocate
>>>
>>> www.opscode.com
>>>
>>> From: Vimal Shah
>>> Reply-To: Main PLUG discussion list
>>> Date: Thursday, March 7, 2013 4:49 PM
>>> To: Main PLUG discussion list
>>> Subject: server compromised?
>>>
>>> Hello all,
>>>
>>> While randomly looking into the .ssh/authorized_keys file, I noticed a
>>> line that shouldn't have been there. This was concluded based on the last
>>> portion of the line. This portion was in the form of user@domain.com, where
>>> the domain was one of a likely competitor. Does this automatically mean that
>>> this server has been compromised? The line has been removed.
>>>
>>> Thanking everyone in advance.
>>>
>>> --
>>> Vimal
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>> --
>> Vimal (rhymes with Kimmel) Shah
>> Front-End / Infrastructure Engineer
>> Sokikom
>> Mobile: (480) 752-9269
>> Email: vimals@sokikom.com
>> Web: www.sokikom.com
>>
>> Follow us: twitter.com/sokikom
>> Like us: facebook.com/sokikom
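
The two checks discussed in this thread (spotting an authorized_keys entry whose comment does not belong, and going through the auth logs to see when and from where it was used) can be combined as below. This is an added example, not code from anyone in the thread. It assumes a syslog-format auth log from an OpenSSH version that prints SHA256 key fingerprints on "Accepted publickey" lines; the function names, allowed domain, key blobs, host name and addresses are all constructed for illustration.

```python
import base64, hashlib, re

KEY_RE = re.compile(r'((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$')
LOGIN_RE = re.compile(r'^(\S+\s+\S+\s+\S+).*Accepted publickey for (\S+) '
                      r'from (\S+) port \d+ ssh2: \S+ (SHA256:\S+)')

def fingerprint(blob_b64):
    """SHA256 fingerprint of a public-key blob, in the form sshd logs it."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit_keys(authorized_keys, allowed_domains):
    """Map fingerprint -> comment for keys whose comment domain is not allowed.
    The comment is free text chosen by whoever added the key, so this is a
    triage heuristic, not proof of who owns the key."""
    flagged = {}
    for line in authorized_keys.splitlines():
        m = None if line.lstrip().startswith("#") else KEY_RE.search(line.strip())
        if not m:
            continue
        comment = (m.group(3) or "").strip()
        domain = comment.rpartition("@")[2].lower() if "@" in comment else ""
        if domain not in allowed_domains:
            flagged[fingerprint(m.group(2))] = comment or "(no comment)"
    return flagged

def logins_with(flagged, auth_log):
    """List (timestamp, user, source_ip, comment) for logins using a flagged key."""
    hits = []
    for line in auth_log.splitlines():
        m = LOGIN_RE.search(line)
        if m and m.group(4) in flagged:
            hits.append((m.group(1), m.group(2), m.group(3), flagged[m.group(4)]))
    return hits

# Constructed sample data: placeholder blobs, not real keys; documentation IPs.
BLOB_OK = base64.b64encode(b"constructed key one").decode()
BLOB_ODD = base64.b64encode(b"constructed key two").decode()
SAMPLE_KEYS = f"""# deploy keys
ssh-ed25519 {BLOB_OK} admin@example.org
ssh-rsa {BLOB_ODD} user@competitor.example
"""
SAMPLE_LOG = f"""\
Mar  5 02:14:07 web1 sshd[4121]: Accepted publickey for root from 203.0.113.77 port 50122 ssh2: RSA {fingerprint(BLOB_ODD)}
Mar  6 09:30:12 web1 sshd[5230]: Accepted publickey for root from 198.51.100.4 port 40110 ssh2: ED25519 {fingerprint(BLOB_OK)}
Mar  6 11:02:45 web1 sshd[5301]: Failed password for root from 203.0.113.77 port 50200 ssh2
"""

if __name__ == "__main__":
    flagged = audit_keys(SAMPLE_KEYS, {"example.org"})
    for hit in logins_with(flagged, SAMPLE_LOG):
        print(hit)
```

Run the audit before deleting a suspicious line: once the entry is gone from authorized_keys, its fingerprint can no longer be derived to match against the log.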