[Watford] Watford Digest, Vol 136, Issue 2
Alain Williams
addw at phcomp.co.uk
Tue Aug 11 13:21:57 UTC 2009
On Tue, Aug 11, 2009 at 01:53:01PM +0100, Plum Hartnell wrote:
> > So, like it or not, we do need to take security seriously. I doubt that Magnus would like to
> > have one of his IP addresses end up in a RBL!
>
> I agree - I think ultimately port 80 and port 22 (or whatever we agree
> on for ssh) only - FTP is not really necessary as we can use SFTP
> anyway. The GUI I think we can lock down with .htaccess or at Magnus's
> place and then use port forwarding as Steven suggests?

I have changed the vsftpd config so that we now have a file that contains the names
of those who *can* log in, rather than a list of those who *can't* -- this is far more sensible.
That file is currently empty, except for comments.

Anonymous ftp is not allowed. We could enable it, but currently $HOME for ftp is '/', so we
ought to change that to /var/ftp or /opt/var/ftp -- I am unsure which of the 2 we should
use on this machine.
Anon FTP can be useful for downloads.

I notice that '/' is writable to the group 'everyone' that contains:

everyone::501:guest,admin,wlug,plum,jason,bahulneel

That does not look clever to me.

Backups
*******

I have just added /opt/var/lib/mysql to the directories that will be backed up, that list
now is:

root etc opt/etc opt/local home opt/var/lib/mysql

Please let me know if you want changes to that.

--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
Past chairman of UKUUG: http://www.ukuug.org/
#include <std_disclaimer.h>
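
The allow-list versus deny-list change and the anonymous-FTP home directory concern described in the message above, as an added example that is not part of the original post or the server's own configuration: a small Python check over vsftpd.conf text. The option names and defaults are vsftpd's; the sample configs, the finding labels and the function names are constructed for illustration.

```python
import stat

# Constructed sample configs (not the list server's real vsftpd.conf).
DENY_LIST_CONF = """\
# users named in the file are refused; everyone else may log in
anonymous_enable=YES
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
"""
ALLOW_LIST_CONF = """\
# only users named in the file may log in
anonymous_enable=NO
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list
"""

def parse_conf(text):
    """Parse option=value lines; vsftpd allows no spaces around '='."""
    opts = {}
    for line in text.splitlines():
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def is_yes(opts, key, default):
    return opts.get(key, default).upper() == "YES"

def audit(text):
    opts = parse_conf(text)
    findings = []
    # vsftpd defaults: userlist_enable=NO, userlist_deny=YES, anonymous_enable=YES
    if not is_yes(opts, "userlist_enable", "NO"):
        findings.append("userlist-off")
    elif is_yes(opts, "userlist_deny", "YES"):
        findings.append("userlist-is-deny-list")
    if is_yes(opts, "anonymous_enable", "YES") and "anon_root" not in opts:
        findings.append("anonymous-without-anon_root")
    return findings

def group_or_world_writable(mode):
    """True if the permission bits allow write by group or by others."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

if __name__ == "__main__":
    print(audit(DENY_LIST_CONF), audit(ALLOW_LIST_CONF))
    print(group_or_world_writable(0o775), group_or_world_writable(0o755))
```
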