Re: phpmyadmin location

On Thu, Apr 18, 2013 at 2:44 AM, Arun Khan <knura9@xxxxxxxxx> wrote:

> On Thu, Apr 18, 2013 at 8:14 AM, SilverTip257 <silvertip257@xxxxxxxxx>
> wrote:
>
> > But at the same time it's not prudent to allow anyone access to a service
> > (host/port/page/whatever) when they have no need to.
> >
> > Perfect example being people who let SSH open to the world on production
> > boxes and do little to nothing to protect it.
>
>
> How do you handle the ACL when multiple users need the ssh access?
>

You could create an iptables chain specifically for those needing SSH
access.
For a boatload of customers, though, this may not scale well.

On many of my systems anyone other than sys admins does not need SSH access.
And on top of that, people that work remotely have VPN access.

Clearly, my situation is different than yours but maybe you can adapt
something.


> Use case scenario: I have set up CentOS based LAMP servers (as an
> admin) and pay extra for static IPs to assure my clients that I
> access their servers from specific IPs only.  However, the web
> developers who keep making changes (per client request) need sftp
> access to the boxen; their respective ISP services provide only
> dynamic IPs (or charge extra, which the freelancer will not pay for).
>
> At the moment, I have had to leave it open with fail2ban monitoring
> the ssh port.
>

If fail2ban is working well then stick with it.  I more often use fail2ban
on vsftp and sasl auth logs since ssh is all but isolated from the outside
world on _most_ boxes.


>
> --
> Arun Khan
> Sent from my non-iphone/non-android device
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>


Cheers,

-- 
---~~.~~---
Mike
//  SilverTip257  //
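
The dedicated iptables chain suggested in the reply above, sketched as an added example that is not part of the original thread: it turns a list of static source addresses into rules for a chain that gates new SSH connections. The chain name SSH_ALLOW, the function names and every address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Chain name SSH_ALLOW and all
# addresses are constructed (documentation ranges).

# valid_source ADDR: succeed only for dotted-quad IPv4 with optional /0-32.
valid_source() {
    addr=${1%%/*}
    case $1 in */*) bits=${1#*/} ;; *) bits=32 ;; esac
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "${#bits}" -le 2 ] && [ "$bits" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ssh_chain_rules: read one source per line on stdin ('#' comments and blank
# lines skipped, text after the address ignored) and print filter-table rules
# in iptables-save format. An invalid entry aborts with status 1 before
# anything is printed, so a typo never yields a partial ACL.
ssh_chain_rules() {
    rules=
    while read -r src rest || [ -n "$src" ]; do
        case $src in ''|'#'*) continue ;; esac
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
        rules="${rules}-A SSH_ALLOW -s $src -j ACCEPT
"
    done
    printf '%s\n' '*filter' ':SSH_ALLOW - [0:0]' \
        '-A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_ALLOW'
    printf '%s' "$rules"
    # Anything not listed above never reaches sshd.
    printf '%s\n' '-A SSH_ALLOW -j DROP' 'COMMIT'
}

# Constructed sample ACL.
sample_acl() {
    printf '%s\n' '# admin static IPs' '203.0.113.10' \
        '198.51.100.0/28 office VPN egress'
}

sample_acl | ssh_chain_rules
```

Merge the printed lines into the host's saved ruleset rather than loading them alone, since a plain iptables-restore replaces the whole filter table. The list only helps for sources with fixed addresses, which is the scaling limit the reply mentions.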