Re: Light weight IDSes and then some

[George P Boutwell <george.boutwell@gmail.com>]

On 7/14/05, DI Peter Burgstaller <peter@ais-salzburg.at> wrote:
> I'm using AIDE and am very happy with it.

Thanks I'll look into it.

> > 2) Apache & or cgi-bins I use, where the cause of my closest to being
> > compromised situations.  If I set-up Apache, PHP, cgis, etc in a
> > chroot jail, how can I still provide and /~username/ type set-up, as I
> > have at least 2 situations where I rely heavily on that?  As near as I
> > can tell this is not covered in any of the Apache chroot information
> > I've read.
> I don't really see the problem with /~username/ in a chroot
> environment. You can
> loopback mount if you need those homes somewhere else as well.

Well.. Currently if I add a user, say user1...  He gest an public_html
directory added to his /home/user1 directory.  If he set-up an index
file of some kind in that directory the url http://myserver/~user1/
gives him that index file...  How could I still provide ~/public_html
directory in users 'home' and still have Apache serve it up from a
chroot?


> > 3) I'd like to provide some limited SFTP (SSH FTP) mechanisms for
> > select individuals, for these I would really like to do away with the
> > shell, but I haven't found away, how can I provide an shell-less SFTP
> > or severely restricted SFTP service for these people?
> 
> If you already have apache on that machine, why not run webdav on
> apache-ssl and you won't need shell accounts

Hmm... I'll have to think about that...  However SSH is the main way
that I admin my machine (it's basically headless - my woody one has
been so reliable :) ) and it has some really nice FTP like tools that
support it (like FileZilla)

Thanks Peter for your comment, recommendations, etc.

-- 
George