We asked our provider to investigate why one of our servers rebooted last night. In the process they accidentally rebooted it again… This is root’s bash_history from just before it happened; note line 971:
954 2011-08-17_15:10:39 sar -q
955 2011-08-17_15:10:59 sar -q|less
956 2011-08-17_15:11:09 sar -r|less
957 2011-08-17_15:11:24 last -x|less
958 2011-08-17_15:11:49 history |grep -i shutd
959 2011-08-17_15:11:21 history
960 2011-08-17_15:11:32 date
961 2011-08-17_15:13:52 cd /var/log/
962 2011-08-17_15:13:53 ls
963 2011-08-17_15:13:54 ls -lah
964 2011-08-17_15:13:58 less audit/
965 2011-08-17_15:14:04 less audit/audit.log
966 2011-08-17_15:14:25 less secure
967 2011-08-17_15:15:15 grep -v nagios secure | less
968 2011-08-17_15:16:11 dmesg
969 2011-08-17_15:17:57 sar -r
970 2011-08-17_15:18:19 dmesg
971 2011-08-17_15:18:30 dmesg | reboot
972 2011-08-17_16:20:20 [LOGOUT]: xxxx pts/2 2011-08-17 15:27 (xxx.xxx.xxx.xxx)
Disclaimer: This article is provided for your information only, and simply following this guide will not make your server “secure”. As the server administrator you are ultimately responsible for its security!
Having recently been through the process of setting up a few Ubuntu LAMP (Linux, Apache, MySQL, PHP) servers, I thought I’d make an article out of my notes and provide a starter’s guide to setting up the LAMP stack on Ubuntu.
It goes without saying that the only truly secure computer is one that has no network connection, no ports or input devices, and is locked in a bank vault, but such a machine is not terribly useful. Regretfully, compromises must be made to allow functionality! Besides presuming insecurity, there are a lot of things you can do to make your server more secure and keep out the vast majority of would-be hackers running port scans, meta-exploit scripts and dictionary attacks.