awstats munged httpd rights in SElinux, how to fix?
Gene Heskett
gene.heskett at verizon.net
Sat Aug 2 07:43:27 UTC 2008
On Friday 01 August 2008, Tim wrote:
>Tim:
>>> I'd still stick with using your computer as yourself, just use another
>>> terminal as root for configuration issues. Especially if you're opening
>>> your computer up to the world as a webserver. You do want as much
>>> protection as you can manage, in that situation.
>
>Gene Heskett:
>> I'm not directly connected to the net here, dd-wrt, x86 version
>> running on an old 450 mhz k6-iii is between me and the black hats. It
>> gets about 500 root login attempts a day, but the password is both
>> long and unique.
>
>In that case, the main worries would be that they could find an exploit
>in a webserver that doesn't require a logon (abusing guestbook scripts,
>and the like), or just abusing mail forms to send spam through your
>service to someone else. I get a few script kiddies rattling the
>windows on my website, but they only get 404s. I don't have the scripts
>that they're looking for to exploit.
Neither do I, that and sheer CRS is why there isn't any wrappers around the
pix on my site, just a list of pix, and 90% of those are just links to the
real file someplace else.
>I don't have remote shell access, I haven't thought of a reason that I'd
>really want it. One day I might set things so I can access my mail
>servers remotely, but not before I've figured out how to do it securely
>(i.e. encrypted access only).
I thought of that, using imap, but somehow that seems to be, from the stories
I read here on the net, just a way to add another single point of failure.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The minute a man is convinced that he is interesting, he isn't.
More information about the fedora-list
mailing list