Re: [cpx] RE: Conf file poltergeist?
- From: Steve Yates <steve@xxxxxxxxxxx>
- Date: Thu, 10 Mar 2005 09:20:01 -0600
On Thu, 10 Mar 2005 11:10:34 -0000
"Bob Browning" <bob@xxxxxxxxxx> wrote:
> CustomLog /home/client/www/logs/access_log combined
Did you read the Apache info about never putting logs in a
user-owned folder?
http://httpd.apache.org/docs/misc/security_tips.html
"If you allow non-root users to modify any files that root either executes or writes on then you open your system to root compromises. For example, someone could replace the httpd binary so that the next time you start it, it will execute some arbitrary code. If the logs directory is writeable (by a non-root user), someone could replace a log file with a symlink to some other system file, and then root might overwrite that file with arbitrary data."
> The 'enable www' checkbox is unchecked!
> ServerName www.client.co.uk
In the "CPX method", ServerName is the domain (no www), and
"enable www" adds "ServerAlias www.client.co.uk".
- Steve Yates
- ITS, Inc.
- Megahertz: When something is really painful.
======================================================================
This is <cpx@xxxxxxxxxxxxx> <http://www.groupmail.org/lists/cpx/>
Before posting a question, please search the archives (see above URL).
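
Added example, not part of the original message and not Apache or CPX code: a small audit that reads httpd configuration text, collects the file-backed CustomLog/ErrorLog/TransferLog targets, and reports every parent directory that a non-root user owns or that is group/other writable, which is the condition the quoted Apache security tip warns about. The sample configuration is constructed around the CustomLog line quoted above; the function names, the /etc/httpd ServerRoot default and the injectable stat_fn parameter are assumptions made for this illustration.

```python
import os
import shlex
import stat

LOG_DIRECTIVES = {"customlog", "errorlog", "transferlog"}

# Constructed sample; the first CustomLog line is the one quoted in the message.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName client.co.uk
    ServerAlias www.client.co.uk
    CustomLog /home/client/www/logs/access_log combined
    ErrorLog /var/log/httpd/client-error_log
    CustomLog "|/usr/sbin/rotatelogs /var/log/httpd/alt_log 86400" common
</VirtualHost>
"""

def log_paths(conf_text, server_root="/etc/httpd"):
    """Return (directive, absolute path) for each file-backed log directive."""
    found = []
    for line in conf_text.splitlines():
        words = line.split(None, 1)
        if len(words) < 2 or words[0].lower() not in LOG_DIRECTIVES:
            continue
        target = shlex.split(words[1])[0]
        if target.startswith("|") or target.startswith("syslog"):
            continue  # piped logger or syslog: httpd opens no log file itself
        # Relative targets resolve against ServerRoot (assumed default here).
        found.append((words[0], os.path.join(server_root, target)))
    return found

def audit(conf_text, stat_fn=os.stat):
    """Return (log path, directory, reason) for each ancestor directory that a
    non-root user owns or that is group/other writable (conservative check)."""
    findings = []
    for _, path in log_paths(conf_text):
        d = os.path.dirname(path)
        while True:
            try:
                st = stat_fn(d)
                if st.st_uid != 0:
                    findings.append((path, d, "owned by uid %d" % st.st_uid))
                elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                    findings.append((path, d, "group/other writable"))
            except OSError:
                pass  # directory missing on this host; nothing to check
            if d == os.path.dirname(d):
                break  # reached the filesystem root
            d = os.path.dirname(d)
    return findings

if __name__ == "__main__":
    for path, d, reason in audit(SAMPLE_CONF):
        print("%s: %s is %s" % (path, d, reason))
```

On a real host, pass the contents of the actual configuration file to audit(); any finding means the log directory should move to a root-owned location that non-root users cannot write to.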