The purpose of this page is to look at some of the ways you might like to consider for protecting your server from the effects of a vulnerability in drupal such as drupageddon. Currently, Nov 2014, these tools are available for Ubuntu but may also be available for other systems. I've no doubt something similar will exist for most linux systems.

This is a work in progress and any contributions are welcome. I thought I'd start it off with minimal information as it may prove immediately useful to anyone in the process of rebuilding a server since some of these tools work best when added as part of a new build. I will flesh it out with more detail over the coming months.

  1. Tripwire: A host intrusion detection system. There are instructions on how to use it here
  2. rkhunter: A tool for detecting rootkits
  3. chkrootkit: Similar to rkhunter. A tool for detecting rootkits
  4. AppArmor: According to the AppArmor wiki

    AppArmor is an effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited. AppArmor security policies completely define what system resources individual applications can access, and with what privileges. A number of default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours.

Useful Links

  1. Did I just get owned

    Helps you understand some of the tell-tale signs you have been attacked.

  2. How to secure a ubuntu server

    A useful list of tools you can use to make your server more secure