On Friday 01 August 2008, Tim wrote:
>Tim:
>>> I'd still stick with using your computer as yourself, just use another
>>> terminal as root for configuration issues. Especially if you're opening
>>> your computer up to the world as a webserver. You do want as much
>>> protection as you can manage, in that situation.
>
>Gene Heskett:
>> I'm not directly connected to the net here, dd-wrt, x86 version
>> running on an old 450 mhz k6-iii is between me and the black hats. It
>> gets about 500 root login attempts a day, but the password is both
>> long and unique.
>
>In that case, the main worries would be that they could find an exploit
>in a webserver that doesn't require a logon (abusing guestbook scripts,
>and the like), or just abusing mail forms to send spam through your
>service to someone else. I get a few script kiddies rattling the
>windows on my website, but they only get 404s. I don't have the scripts
>that they're looking for to exploit.

Neither do I, that and sheer CRS is why there isn't any wrappers around the
pix on my site, just a list of pix, and 90% of those are just links to the
real file someplace else.

>I don't have remote shell access, I haven't thought of a reason that I'd
>really want it. One day I might set things so I can access my mail
>servers remotely, but not before I've figured out how to do it securely
>(i.e. encrypted access only).

I thought of that, using imap, but somehow that seems to be, from the stories
I read here on the net, just a way to add another single point of failure.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The minute a man is convinced that he is interesting, he isn't.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gene Heskett wrote:
> Greetings;
>
> Wanting to see who might have visited my simple web page, I installed awstats
> from the fedora repo today.
>
> The awstats selinux helper seems to be an empty file, yumex win't dl it or
> install it even when checked.
>
>>From the yumex screen:
> 7:59:02 : Package Queue:
> 17:59:02 : Packages to install
> 17:59:02 : ---> awstats-selinux-6.7-1.fc8.noarch
> 17:59:02 : Preparing for install/remove/update
> 17:59:02 : --> Preparing for install
> 17:59:02 : Package awstats-selinux is obsoleted by awstats, trying to install
> awstats-6.8-1.fc8.noarch instead
> 17:59:02 : Package awstats-6.8-1.fc8.noarch already installed and latest
> version
> 17:59:06 : Error in Dependency Resolution
> 17:59:06 : Success - empty transaction
>
> which is self-explanatory.
>
> But on attempting to look at my page at localhost, I get connection refused.
>
> So I as root, do:service httpd restart
> Stopping httpd: [FAILED]
> Starting httpd: (13)Permission denied: httpd: could not open error log
> file /etc/httpd/logs/error_log.
> Unable to open logs
> [FAILED]
>
> And an selinux denial that says I can fix it with this:
> #> setsebool -P httpd_unified=1
>
> But I've now executed that line several times without success.
>
> I've also gone through the httpd stuff and made much of it 0644 and owned by
> apache:apache.
>
> Obviously I'm suffering from the local heat and missing the flashing red light
> here, so what is next folks? It was all working AFAIK before I installed
> awstats, when running kernel 2.6.26 just yesterday, but now booted to
> 2.6.27-rc1. Dunno which is the culprit. Help!
>
Did you check the labeling on the log files?

Are you getting any AVC messages.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkiXV2cACgkQrlYvE4MpobPtJwCffwXWURuSA3 W9wWFap8rEQUnn
iIMAoJ2/yI5CEcn5KBipFgRCSF92gqLQ
=OIdW
-----END PGP SIGNATURE-----

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

On Monday 04 August 2008, Daniel J Walsh wrote:
>Gene Heskett wrote:
>> Greetings;
>>
>> Wanting to see who might have visited my simple web page, I installed
>> awstats from the fedora repo today.
>>
>> The awstats selinux helper seems to be an empty file, yumex win't dl it or
>> install it even when checked.
>>
>>>From the yumex screen:
>> 7:59:02 : Package Queue:
>> 17:59:02 : Packages to install
>> 17:59:02 : ---> awstats-selinux-6.7-1.fc8.noarch
>> 17:59:02 : Preparing for install/remove/update
>> 17:59:02 : --> Preparing for install
>> 17:59:02 : Package awstats-selinux is obsoleted by awstats, trying to
>> install awstats-6.8-1.fc8.noarch instead
>> 17:59:02 : Package awstats-6.8-1.fc8.noarch already installed and latest
>> version
>> 17:59:06 : Error in Dependency Resolution
>> 17:59:06 : Success - empty transaction
>>
>> which is self-explanatory.
>>
>> But on attempting to look at my page at localhost, I get connection
>> refused.
>>
>> So I as root, do:service httpd restart
>> Stopping httpd: [FAILED]
>> Starting httpd: (13)Permission denied: httpd: could not open error log
>> file /etc/httpd/logs/error_log.
>> Unable to open logs
>> [FAILED]
>>
>> And an selinux denial that says I can fix it with this:
>> #> setsebool -P httpd_unified=1
>>
>> But I've now executed that line several times without success.
>>
>> I've also gone through the httpd stuff and made much of it 0644 and owned
>> by apache:apache.
>>
>> Obviously I'm suffering from the local heat and missing the flashing red
>> light here, so what is next folks? It was all working AFAIK before I
>> installed awstats, when running kernel 2.6.26 just yesterday, but now
>> booted to 2.6.27-rc1. Dunno which is the culprit. Help!
>
>Did you check the labeling on the log files?
>
>Are you getting any AVC messages.

Not now, it was a bug in 2.6.27-rc1 that I've patched & all is now well.

Thanks.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Necessity hath no law.
-- Oliver Cromwell

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list