0

Possible Duplicate:
SysAdmin & Developer: Responsibilities

Suppose I have 20 servers:

  • We keep data on Linux servers
  • Developers often need to log in to the servers to debug issues
  • Sometimes they have to access user data and run through the app in production to replicate a problem that was not reproducible in the test environment

What are the best practices for this situation?

Sabya
  • 786

2 Answers

0
  1. Make sure that each developer has his own account (you might want to use SSH Public-Key Authentication instead of password authentication).
  2. Limit ssh access to certain IP ranges and/or enable access only via VPN.
  3. Use patches for the Linux kernel e.g. grsecurity.
  4. Make sure that each developer has some idea about security issues.
  5. Use some tool for server monitoring.
  6. Pray.
FINESEC
  • 1,371
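
One way to check points 1 and 2 of the answer above on each server, as an added example that is not part of the original answer: it reads the global section of an `sshd_config` and reports password logins and `AllowUsers` entries that lack a source restriction. The function names, sample configs, user names and the 10.8.0.0/16 VPN range are assumptions made for the example.

```python
import ipaddress

def parse_global(text):
    """Parse the global section (before the first Match block) of an sshd_config.
    sshd keeps the first value of most keywords; AllowUsers lines accumulate."""
    settings, allow_users = {}, []
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "match":
            break
        if key == "allowusers":
            allow_users.extend(parts[1:])
        else:
            settings.setdefault(key, " ".join(parts[1:]).lower())
    return settings, allow_users

def audit(text, allowed_nets):
    """Return findings; allowed_nets are the VPN/office CIDR ranges (assumed)."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    settings, allow_users = parse_global(text)
    findings = []
    # OpenSSH enables both methods by default, so an absent keyword means "yes".
    if settings.get("passwordauthentication", "yes") != "no":
        findings.append("password authentication is enabled")
    if settings.get("pubkeyauthentication", "yes") == "no":
        findings.append("public-key authentication is disabled")
    if not allow_users:
        findings.append("no AllowUsers list: logins are not limited to named accounts")
    for entry in allow_users:
        _user, sep, host = entry.rpartition("@")
        if not sep:
            findings.append(f"{entry}: no source restriction")
            continue
        try:
            src = ipaddress.ip_network(host, strict=False)
        except ValueError:  # hostname or wildcard pattern, not an address
            findings.append(f"{entry}: source is not an address or CIDR, review by hand")
            continue
        if not any(src.version == n.version and src.subnet_of(n) for n in nets):
            findings.append(f"{entry}: source {host} is outside the allowed ranges")
    return findings

# Constructed samples: user names and the 10.8.0.0/16 VPN range are made up.
WEAK = "PasswordAuthentication yes\nAllowUsers dev\n"
HARDENED = ("PasswordAuthentication no\nPubkeyAuthentication yes\n"
            "AllowUsers alice@10.8.0.0/24 bob@10.8.0.0/24\nAllowUsers carol@10.8.0.17\n")
```

`audit(HARDENED, ["10.8.0.0/16"])` returns an empty list, while `audit(WEAK, ["10.8.0.0/16"])` reports the password login and the unrestricted `dev` entry. Settings inside `Match` blocks are not evaluated.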
0

The best practice is hiring people you can trust and making that a decent part of the hiring process. We have 150 developers who all have access to production systems for troubleshooting and for code rollouts. They also have access to copies of production data, with only the credit card details removed from them.

This is impossible to do if you do not trust your employees, so you'd better make sure you can trust them :)