Czar Vs. the Xpl0its

One of the servers I look over has been compromised by what appears to be an XSS exploit. Much of my weekend has consisted of a harsh Linux system audit, in an attempt to harden the system. One of the key upgrades is the use of the Apache mod_security and the great collection of signatures and rules by www.gotroot.com. Perhaps I’ll write a How-To at some time for installing that mod. Anywho, I had a blast and hope to be able to repay this friend of mine some time soon.

you will also need to use

You will also need to use some sort of MAC, at least, LIDS, grsec or SELinux. mod_security is not enough.

You are right.

>> you will also need to use some sort of MAC, at least, LIDS, grsec or SELinux. mod_security is not enough.

You are right. Mod_Security is not enough, just one of the building blocks used. I could also suggest: PHPSuExec, APFirewall, & SELinux.
