Author Updating 6 Redhat Servers
esexon

2003-10-11, 12:52 pm

Hello

My company runs dedicated and managed servers. I have been asked by my manager to do a full security audit on 6 servers all belonging to one of our biggest customers.
I have been asked to update all the programs to the most recent version and do a kernel upgrade as well.
They are all running Redhat 7.3 and running various different applications. This is the netstat info from one of the servers.

tcp 0 0 *:32768 rpc.statd Samba
tcp 0 0 theserver1:4001 java
tcp 0 0 *:6051 asagentd
tcp 0 0 theserver1:8005 java
tcp 0 0 *:4101 java
tcp 0 0 *:8009 java
tcp 0 0 *:netbios-ssn SamBa
tcp 0 0 modserver1:9007 java
tcp 0 0 *:sunrpc Portmap
tcp 0 0 *:webcache java
tcp 0 0 theserver1:9009 java
tcp 0 0 *:ssh ssh
tcp 0 0 theserver1:9015 java
tcp 0 0 theserver:afs3-fileserver java
tcp 0 0 theserver:afs3-callback java
tcp 0 0 theserver1:smtp Sendmail

Some of the other servers are running Postgresql and Apache compiled from source and NOT rpms.

Basically my question here is what steps should I take to make sure these servers are fully patched? I have used Redhat up2date before and haven't had any issues, but what I'm worried about is all the custom java applications the customer is running and the source installs of Postgres and Apache. I have heard a few nightmare stories regarding this. I know it is possible to update the kernel quite easily through up2date but I've never done this on a live customer server.

The servers have never been patched so it's a wonder they haven't already been rooted. The uptime on most of the servers is 200 days +

Anyway, any advice would be great as I have to have an upgrade plan done by Monday. I am going to try and replicate one of their servers in my test lab to see the results but this is not 100% foolproof.

Thanks in advance.
esexon
ccieToBe

2003-10-11, 6:12 pm

A good starting point might be to run Nessus against each server to get a list of what vulnerabilities it picks up. That way you can see what needs to be taken care of first.
darthfeces

2003-10-11, 11:25 pm

Defensive is definitely harder than offensive.
Would follow normal hardening for a Linux install. Scan with nmap, don't run any unnecessary services.
Nessus or Retina are good too.
http://www.sans.org/top20/index1.php
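
As an added illustration (not part of any post in this thread), the sketch below turns the netstat listing from the first post into a per-program inventory of listeners, separating sockets bound to all interfaces (`*`) from those bound to a single host name; that is the list to check against the "don't run any unnecessary services" advice. The `SERVICES` map and the function names are assumptions of this example; the port numbers are the standard /etc/services assignments.

```python
from collections import defaultdict

# Listing as posted above; the poster trimmed it to: proto, recv-q, send-q,
# local address, owning program (with the poster's own notes).
NETSTAT = """\
tcp 0 0 *:32768 rpc.statd Samba
tcp 0 0 theserver1:4001 java
tcp 0 0 *:6051 asagentd
tcp 0 0 theserver1:8005 java
tcp 0 0 *:4101 java
tcp 0 0 *:8009 java
tcp 0 0 *:netbios-ssn SamBa
tcp 0 0 modserver1:9007 java
tcp 0 0 *:sunrpc Portmap
tcp 0 0 *:webcache java
tcp 0 0 theserver1:9009 java
tcp 0 0 *:ssh ssh
tcp 0 0 theserver1:9015 java
tcp 0 0 theserver:afs3-fileserver java
tcp 0 0 theserver:afs3-callback java
tcp 0 0 theserver1:smtp Sendmail
"""

# netstat without -n prints /etc/services names, not the software in use;
# map the names seen here back to numbers so java on "webcache" reads 8080.
SERVICES = {"sunrpc": 111, "netbios-ssn": 139, "ssh": 22, "smtp": 25,
            "webcache": 8080, "afs3-fileserver": 7000, "afs3-callback": 7001}

def parse(listing):
    """Yield (bind_host, port, owner) per socket row; unknown names are kept."""
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "udp"):
            continue  # not a socket row
        host, _, port = f[3].rpartition(":")
        yield host, str(SERVICES.get(port, port)), " ".join(f[4:]).lower()

def inventory(listing):
    """owner -> {'wildcard': [ports], 'bound': ['host:port', ...]}"""
    inv = defaultdict(lambda: {"wildcard": [], "bound": []})
    for host, port, owner in parse(listing):
        if host == "*":  # listening on every interface of the machine
            inv[owner]["wildcard"].append(port)
        else:
            inv[owner]["bound"].append(f"{host}:{port}")
    return dict(inv)

if __name__ == "__main__":
    for owner, e in sorted(inventory(NETSTAT).items()):
        print(owner, "all interfaces:", e["wildcard"], "host-bound:", e["bound"])
```

Running the same parse on each of the six servers gives a per-server list of programs to match against what is RPM-managed and what was built from source.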

Copyright 2003 - 2009 examnotes.net