January 23, 2010

Linux Security Tip-of-the-day: Backup the configuration files

It is of utmost importance on an system to ensure to integrity of modified and security related configuration files. If someone were to break into your system all it would take is modifying specific configuration files for them to ensure that they maintain control of your system(s). For that reason you need to backup your configuration files after each modification.

A method that I have been using for some time is to store these files in an encrypted virtual partition that is stored on a remote machine. In addition to the remote storage I keep a file listing the md5sum for each important file, the md5sum file is used to do daily integrity checks and if necessary replace any modified files with my originals. Of course just replacing a file is not a good security practice, you will want to move the modified file to a safe place to review the actions to learn of any other potential changes and you will want to check system logs to see how the intruder got access to the system. Once the research has been completed you will learn much about the intruder that will assist you to potentially stop future related attacks.

Click Here!