On Sat, 2007-07-07 at 16:14 +0100, Damian Myerscough wrote:
> On 07/07/07, seth vidal <skvidal@xxxxxxxxxxxxxxxxx> wrote:
> > On Sat, 2007-07-07 at 10:39 -0400, Jesse Keating wrote:
> > > On Saturday 07 July 2007 10:22:20 seth vidal wrote:
> > > > 1. right now I have username.fedorapeople.org going to each users'
> > > > ~/public_html dir. There are no cgis allowed at all, that seems
> > > > reasonable to me - makes sense to everyone else?
> > >
> > > Does that include mod_python stuff? Being able to run gitweb or hgweb stuff?
> >
> > yes, it includes those. I don't think we should be running cgis of any
> > sort. They eat ram and expose us to more risk, don't they?
>
> Yes I agree there, I am assuming that PHP/Perl will also be disabled?

php isn't even near the box - and if net-snmp didn't require perl perl would be removed, too.

> > Isn't the above what rsync is for? I guess I'm inclined to not have any
> > scm - this is just a big box which serves files, statically, and does
> > not open us up to that many attack vectors.
>
> Will you be denying SSH "shell" access?

yes - that's the point of this machine to do that.

-sv