[Gllug] DMZ to inside copy
Richard Jones
rich at annexia.org
Thu Jan 15 18:30:04 UTC 2004
scp and the trust relationship is one solution that others have
already outlined. However, I have problems creating extra login
accounts on sensitive machines, and I think you should avoid this if
at all possible.
So a question: are the logs themselves very sensitive? Probably not
particularly sensitive I would think. In which case, why not publish
the logs over HTTP from the DMZ machine using an obscure URL, eg:
Alias /private-logs/ /var/log/apache/
<Location /private-logs/>
Allow from restricted.ip.address
</Location>
Then use a simple wget on the LAN machine to fetch the logs.
Rich.
--
Richard Jones. http://www.annexia.org/ http://freshmeat.net/users/rwmj
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
"One serious obstacle to the adoption of good programming languages is
the notion that everything has to be sacrificed for speed. In computer
languages as in life, speed kills." -- Mike Vanier
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list