Dave Stevens wrote: > I manage a web hosting server that we've recently upgraded, in part so > we could accommodate a domain that will enable community mapping. In a > recent exchange of mails one developer said: > > > "I could build the package directly on the server machine you have, > provided that the potential security risk posed by having compilers > installed is not an issue." That's how the "Internet Worm" spread. As a general principle, machines on the "periphery" or what one might call "firewall machines" should have nothing installed which they don't need in order to perform their primary intended function. That means both hardware and software, IMO. The less which is there, the fewer potentials for compromise exist. No services should run which aren't necessary for the functioning of the machine. Don't even install them unless you have to, but don't enable/start them if you install them. I would install rkhunter and tripwire, and I would peruse their logs. Mike -- p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);} Oppose globalization and One World Governments like the UN. This message made from 100% recycled bits. You have found the bank of Larn. I speak only for myself, and I am unanimous in that! _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos