I think Apache and SSH are both great for documentation, file sharing,
etc. etc. We just need to be very careful when configuring things for mass 
distribution not to leave too many things open. (DCOM RPC, anyone?) Right 
now, I believe, in SM 3.3 Test 3 Apache is configured to serve /doc to 
localhost, but /cgi-bin/info2www is open to the world, as well as the default 
page and /phpinfo.php. This isn't terribly bad, but it does leak a lot of 
information about the system configurated to the 'net and could be a
springboard to would-be attackers. If a hole is found in apache, php, or one 
of the scripts (i.e. info2www) after a significant number of installations 
are around, this would be fertile ground for a linux worm... It would be best 
at least to disable cgi-bin and remove the phpinfo.php script.
    SSH isn't as bad. The main problem is that users chronically choose weak
passwords. In my opinion it would be best off (or firewalled) with an easy 
option to enable it. 
    BTW, is there any mechanism for easy "security updates" in Mepis? I know,
"apt-get update; apt-get upgrade", but that could be intimidating to 
beginning users. Last time I did this, I think it took > 30min and I had to 
confirm whether or not I wanted to overwrite several configuration files I 
had never heard of. It can also break things... It would be great if Mepis 
had a simple way of installing critical security updates from the GUI. Maybe 
via a virtual package or something. Of course, even better would be to build 
an OS that didn't need any, but that may be wishful thinking...

Daniel

On Saturday 19 February 2005 6:10 pm, Josh King wrote:
> IMHO Apache is a worthwhile inclusion for any computer that's not
> completely open to the internet. It allows for very easy file sharing
> among other machines on the network (i.e. drop something in your home
> public_html and download it on another machine from a web browser), as
> well as the documentation reasoning. I'd suggest a simple way to enable
> this feature myself. Something akin to how OS X handles the exact same
> situation using file sharing and the sites folders.
>
> SSH may be dubious for a beginner. My wife (who uses Debian on PPC) has
> been using Linux for almost a year now, and has no clue about nor reason
> to use ssh or scp. However, having it on her computer makes my life much
> easier :-)

_______________________________________________
Dev-mepis mailing list
[email protected]
http://mepis.org/mailman/listinfo/dev-mepis_mepis.org
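
Added example, not part of the original message or of the Mepis configuration: a small audit of an Apache configuration for the exposure discussed in the thread above (/doc limited to localhost, /cgi-bin and phpinfo.php reachable by everyone). The sample configuration is constructed, the filesystem paths and function names are assumptions, and the check goes slightly beyond the thread by also recognising the later "Require local" syntax.

```python
import re

LOCAL = {"127.0.0.1", "localhost", "::1"}

# Constructed sample resembling the setup described above; filesystem paths are assumed.
SAMPLE_CONF = """
Alias /doc /usr/share/doc
<Directory /usr/share/doc>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory /usr/lib/cgi-bin>
    Allow from all
</Directory>
"""

def parse(conf):
    """Return ({(block kind, path): [normalised directives]}, [(alias kind, url, target)])."""
    found = re.findall(r'<(Directory|Location|Files)\s+"?([^">]+)"?>(.*?)</\1>', conf, re.I | re.S)
    blocks = {(kind.lower(), path.rstrip("/") or "/"):
              [" ".join(line.lower().split()) for line in body.splitlines() if line.strip()]
              for kind, path, body in found}
    aliases = re.findall(r'^\s*(ScriptAlias|Alias)\s+(\S+)\s+"?([^"\s]+)"?', conf, re.I | re.M)
    return blocks, aliases

def local_only(rules):
    """Conservative: True only when the block clearly shuts out non-local clients."""
    allowed = [tok for r in rules if r.startswith("allow from ") for tok in r.split()[2:]]
    return ("require local" in rules or "require all denied" in rules
            or ("deny from all" in rules and all(tok in LOCAL for tok in allowed)))

def audit(conf, docroot_files=()):
    """List aliases, and a phpinfo.php in the document root, that non-local clients can reach."""
    blocks, aliases = parse(conf)
    findings = []
    for kind, url, target in aliases:
        # Approximation: <Location> is merged last by Apache, so it wins over <Directory>.
        rules = (blocks.get(("location", url.rstrip("/") or "/"))
                 or blocks.get(("directory", target.rstrip("/") or "/"), []))
        if not local_only(rules):
            findings.append(f"{kind} {url} -> {target} is open to non-local clients")
    if "phpinfo.php" in docroot_files and not local_only(blocks.get(("files", "phpinfo.php"), [])):
        findings.append("phpinfo.php in the document root is open to non-local clients")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF, ["index.html", "phpinfo.php"])))
```

The check is deliberately conservative: any block it cannot prove to be localhost-only is reported, so a finding means "review this", not "this is definitely exposed".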
