Re: Light weight IDSes and then some
On 7/14/05, DI Peter Burgstaller <firstname.lastname@example.org> wrote:
> I'm using AIDE and am very happy with it.
Thanks I'll look into it.
> > 2) Apache & or cgi-bins I use, where the cause of my closest to being
> > compromised situations. If I set-up Apache, PHP, cgis, etc in a
> > chroot jail, how can I still provide and /~username/ type set-up, as I
> > have at least 2 situations where I rely heavily on that? As near as I
> > can tell this is not covered in any of the Apache chroot information
> > I've read.
> I don't really see the problem with /~username/ in a chroot
> environment. You can
> loopback mount if you need those homes somewhere else as well.
Well.. Currently if I add a user, say user1... He gest an public_html
directory added to his /home/user1 directory. If he set-up an index
file of some kind in that directory the url http://myserver/~user1/
gives him that index file... How could I still provide ~/public_html
directory in users 'home' and still have Apache serve it up from a
> > 3) I'd like to provide some limited SFTP (SSH FTP) mechanisms for
> > select individuals, for these I would really like to do away with the
> > shell, but I haven't found away, how can I provide an shell-less SFTP
> > or severely restricted SFTP service for these people?
> If you already have apache on that machine, why not run webdav on
> apache-ssl and you won't need shell accounts
Hmm... I'll have to think about that... However SSH is the main way
that I admin my machine (it's basically headless - my woody one has
been so reliable :) ) and it has some really nice FTP like tools that
support it (like FileZilla)
Thanks Peter for your comment, recommendations, etc.