linux
prohardware, 2014-10-11 14:15:03

How to secure a Linux server after third parties have worked with it (passwords, keys, etc.)?

The access data (root password) for the server was passed to several Linux admins. I would like to understand how to fully change access to the server, in addition to changing the root password.
I know about SSH keys (in /etc/ssh on CentOS), but I want to find out how I can replace them with new ones so that the old ones (if they were copied) stop working.
[Solution with keys from icCE] The keys themselves are on the server in /etc/ssh: pub is public and key is private. You need to delete all the keys in /etc/ssh and regenerate them:
rm -rf /etc/ssh/ssh_host_*
and restart ssh:
/sbin/service sshd restart


2 answer(s)
Vladimir Zhurkin, 2014-10-11
@prohardware

As I already wrote, you need to regenerate the SSH keys. Change the passwords.
Check lastlog to see who logged in and when, and look for anything suspicious.
Check whether strange repositories have been added to the system, then check the system packages.
Honestly, I don't remember how this is done in yum. It is strongly recommended to install an anti-rootkit system. There were several articles on this topic on Habr; here is one of them: habrahabr.ru/post/112789/.
P.S. Yes, it's also good to check cron; sometimes admins leave not very nice actions there.
For example, deleting something after some months.

Nazar Mokrinsky, 2014-10-11
@nazarpc

The keys are in ~/.ssh/authorized_keys, but besides that, other users with administrator rights can be created, and backdoors can be saved if necessary, so it depends on the level of paranoia.
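
The checks named in the two answers (extra accounts with administrator rights, ~/.ssh/authorized_keys entries, cron) as an added shell example; it is not code from the thread. It assumes the CentOS layout (user crontabs in /var/spool/cron) and that the wheel group carries sudo rights; the function names and the ROOT argument are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). ROOT: "/" or a mounted image/test tree.

# Accounts with UID 0; any name besides root is a second superuser.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1/etc/passwd"
}

# Members of the wheel group (assumption: sudoers grants wheel admin rights).
wheel_members() {
    awk -F: '$1 == "wheel" && $4 != "" { print $4 }' "$1/etc/group" | tr ',' '\n'
}

# One line per authorized key: user, key type, first word of comment or "-".
authorized_keys_report() {
    local root=$1 user home f x
    while IFS=: read -r user x x x x home x; do
        for f in "$root$home/.ssh/authorized_keys" "$root$home/.ssh/authorized_keys2"; do
            [ -r "$f" ] || continue
            awk -v u="$user" '
                /^[[:space:]]*(#|$)/ { next }   # skip comments and blank lines
                {
                    for (i = 1; i <= NF; i++) { # options may precede the key type
                        if ($i ~ /^(ssh-|ecdsa-|sk-)/) {
                            print u "\t" $i "\t" (i + 2 <= NF ? $(i + 2) : "-"); next
                        }
                    }
                }' "$f"
        done
    done < "$root/etc/passwd"
}

# Cron files holding at least one active (non-comment) line.
cron_files() {
    local root=$1 f
    for f in "$root"/etc/crontab "$root"/etc/cron.d/* "$root"/var/spool/cron/*; do
        [ -f "$f" ] && [ -r "$f" ] || continue
        if grep -Eqv '^[[:space:]]*(#|$)' "$f"; then echo "${f#"$root"}"; fi
    done
}

audit() {
    echo "== UID 0 accounts";    uid0_accounts "$1"
    echo "== wheel members";     wheel_members "$1"
    echo "== authorized keys";   authorized_keys_report "$1"
    echo "== active cron files"; cron_files "$1"
}

audit "${1:-/}"
```

Run it as root so every home directory and crontab is readable; each key, account or cron file listed that you cannot account for is something to remove before treating the server as yours again.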
