Hi all,
we're new to Islandora and we'd like to join the community. We've set up our first Islandora instance recently and we're close to moving it to production. I've tried to find something like "securing Islandora" and I've found this thread.
Short story long: we set up our Islandora instance a month and a half ago, only for testing purposes, so we set the firewall INPUT chain quite strict. However, by accident, the firewall didn't start after we restarted the server and we didn't notice it. 14 days later, it was reported to our CSIRT that the server was used for a DDoS attack. After the netflow analysis we realized that it was true and the server was hacked somehow. Since it wasn't a production service, we disconnected the server from the network and I have it for forensic analysis now (the server runs under VMware).
The server itself was secured in a standard way - upgrades, ssh access only via keys, Tripwire (including integrity control of Tripwire keys and binaries) etc. And it seems the attacker very probably didn't get root. But I haven't found what really happened yet (I'm not an expert in forensic analysis, I'm just a pure sysadmin). Probably I'll get the backup of the server using Veeam and I'd like to work on it further and I can share my findings.
The weakness probably lies in Drupal and several external modules we use - we didn't do security upgrades of it :-(. That was a mistake.
So, the question is if there is some kind of "How to secure Islandora". If not, what do you do to secure it?
My plan to secure it is to:
a) do automatic upgrades of Drupal and related modules (using Drush)
b) put Islandora under Tripwire control
c) ???
I would really appreciate it if you could help me.
Regards
Vlastik Krejčíř
Library and Information Centre, Institute of Computer Science
Masaryk University, Brno, Czech Republic
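
Added example, not part of the original post: the incident above began with a firewall that silently failed to start after a reboot, so this sketch classifies the text printed by `iptables -S INPUT` as enforcing or open. The function name, the sample rulesets, and the definition of "enforcing" (default policy DROP, or an unconditional DROP/REJECT rule) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# check_input_chain takes the text printed by `iptables -S INPUT` and prints
# "OK" if the chain is enforcing, "OPEN" if it looks like the ruleset never
# loaded. Assumption: "enforcing" means a default policy of DROP, or an
# unconditional catch-all DROP/REJECT rule in the chain.

check_input_chain() {
    rules=$1
    # Default policy line looks like: -P INPUT DROP
    policy=$(printf '%s\n' "$rules" | awk '$1 == "-P" && $2 == "INPUT" { print $3 }')
    # Catch-all rule has no match conditions: -A INPUT -j DROP
    # grep -c exits non-zero on zero matches, hence "|| true".
    catchall=$(printf '%s\n' "$rules" |
        grep -c -E -e '^-A INPUT -j (DROP|REJECT)( |$)' || true)
    if [ "$policy" = "DROP" ] || [ "$catchall" -gt 0 ]; then
        echo "OK"
    else
        echo "OPEN"
    fi
}

# Constructed sample inputs (not captured from any real server).
LOADED='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# What a host shows when the firewall service never started.
UNLOADED='-P INPUT ACCEPT'

CATCHALL='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

for name in LOADED UNLOADED CATCHALL; do
    eval "sample=\$$name"
    echo "$name: $(check_input_chain "$sample")"
done

# On a live host (as root), e.g. from cron or a monitoring agent:
#   [ "$(check_input_chain "$(iptables -S INPUT)")" = "OK" ] || echo "firewall not enforcing"
```

Run from monitoring shortly after every boot, a check like this turns a firewall that failed to start into an alert instead of something found two weeks later.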
On Wednesday, June 8, 2016 at 14:54:33 UTC+2, user dric...@utk.edu wrote: