[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issues

To: linuxkb-list@seul.org
Subject: Re: Issues
From: "Aaron D. Turner" <aturner@best.com>
Date: Thu, 14 Jan 1999 21:37:41 -0800 (PST)
In-Reply-To: <19990114223513.A15716@pluto.ashtech.net>
Reply-To: linuxkb-list@seul.org
Sender: owner-linuxkb-list@seul.org

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 14 Jan 1999, Jason Pincin wrote:

> OK.. a few things -
> 
> I added the core alias to qmail so that core@linuxkb.org reaches the core
> group.  This will mail yurself too... I'll fix that up later...

Cool.  So where should the MX record point?  I have no clue what you did
with qmail, maybe you could fill us in?

> DNS.  Aaron, I've seen some of the mail exchanges... have you set up for
> the ntp server yet?  

Yep.

> Have you done anything with named on the new box?

Not yet.  I'll get it going.

> Are we positive we want to put DNS there?  The only concern I harbor is
> the addition security risks... not a big one, but another exploit point
> nonetheless... anything we can eliminate to that end I say we do... but
> again... I'll leave that up to you two... if you feel OK about it, I'll do
> it.

I've given it some thought and done some research.  The good news is that
I can't find any 'sploits for the most recent version of bind (8.1.2) and
the last bug on the 8.x series was non-root explotiable (a DOS attack on
the bind daemon) that was easily preventable.

> Also... howabout limiting ssh accesible subnets?  How do you feel about
> limiting ssh access to subnets people needing shell access will be coming
> from plus one static IP (former linuxkb.org)?  

I'm very pro to this idea.  I have a static IP via my ISP and at work so
this isn't a problem for me.  Anyone have a dynamic IP?  (In my
experiance, many ISP's if you ask nicely enough and tell them that you
need a static IP for security reasons will give you one without much
fuss.)

> MySQL daemon is up and running.  I have to run the script input.  The only
> SQL user I have added at this point is the user I created which is the
> user MySQL will run as - mysqld.  Right now it's running as root
> actually... I need to stop restart it and throw the sysV scripts in.  But
> it is configured and the DB's have been moved to /home/db... all
> permissions have been appropriatly set.

Cool.

> Aaron - what's up with Apache?  What modules are compiled in at this
> point?  Is PHP in there?  I'd like to get that MySQL PHP administration
> tool going that you pulled down.  Lemme know.

Sorry for not getting back to you sooner on that.  I have notes in my
notebook that I need to post.  I'll be creating a section in /~aturner/ on
the server that has all my notes on Apache, the kernel, etc.  Both PHP and
mod_perl were compiled staticly (verses DSO) into apache.  We have the
latest version of PHP, mod_perl, and apache AFAIK.  Other non-standard
modules I compiled in were usertrack, expires, and cern_meta.  We may
never use cern_meta, but expires and usertrack should prove very useful.

> As far as the next IRC meet... I don't feel it'd be worth while until
> Monday or so.  That gives me the weekend to get a good bit done so we have
> a good bit to discuss.  It also gives us this time to finish fleshing out
> the box.  My box fiasco here at home slowed down the Diagrams I was
> working on but they along with the beginnings of the backend script code
> should be done/underway by Mon/Tue.

Sounds fine.

> So lets get some email flying back and forth here.  Is there anything you
> need right now Aaron to help you along?  

Not right now.  I'm working on getting htdig as it should be.  I take care
of named too.  I'm also trying to figure out why Apache doesn't give
directory listings in the public_html directories.  That and I picked up
the latest Perl Journal- has a nice writeup on writing dynamic menus for
websites via mod_perl.  If people get me IP's/networks I'll stick them in
tcp wrappers for ssh.

- -- 
Aaron Turner           | Either which way, one half dozen or another. 
aturner@pobox.com      | Check out the Red Hat Linux User's FAQ Online!
www.pobox.com/~aturner | http://www.pobox.com/~aturner/RedHat-FAQ/
All emails from this account are PGP signed.  Lack of a signature is "bad".
PGP Key fingerprint = FB E1 CE ED 57 E4 AB 80  59 6E 60 BF 45 1B 20 E8

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNp7UJzM3jpXy1kJtAQHQxgQAiDZWUZopMAQ7BKIPE6DkTm5pViEVwbFy
m0oH7QovnKrz855Zeb9nh65siYTuEYnySfkyjKVKvu6uI2J8zWFpD/E61dJukWHw
cmY3XGscXlATg0epEUcWjKgTxSPbCFqf4FJzrsI31hNsuVvqa23G8Aqe6CEvepZB
30uoT7JbP8o=
=bXkn
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Issues
  - From: Jason Pincin <jpincin@ashtech.net>
- Re: Issues
  - From: "Daniel E. Markle" <syntax@ashtech.net>

References:
- Issues
  - From: Jason Pincin <jpincin@ashtech.net>

Prev by Date: Issues
Next by Date: Forward DNS
Prev by thread: Issues
Next by thread: Re: Issues
Index(es):
- Date
- Thread