-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 13 Jul 2006, Rion D'Luz wrote:
I'm wondering if it would make sense to make the web server(s) document root(s) remotely mounted fs's that would technically be w/in the file servers' domain.
We do this at one of our client shops, where there's a central storage server exporting sometimes-overlapping NFS shares: two SMB servers share certain portions of its filesystem read/write, and the public webserver shares some of those same portions read-only as a DocumentRoot. The result is that Windows clients can edit web files via an SMB share, and their changes go "live" on the website(s) immediately. (There are, necessarily, strenuous security considerations that go along with making this possible.)
In addition to implementing LDAP, I'd like to find a solution that produces something akin to a password vault, e.g. a kind of central authorization/authentication system that manages individual users' passwords for the various systems they access.
Linux Journal ran a four-part series of articles on this a few months back, starting with "Single Sign-On and the Corporate Directory, Part I"[1].
How can a trigger be set up to notify 'higher' when that user has just plain 'taken too much, too fast' (like 20million ss#'s or cc#'s) ... 'trusted' computing application/system which gives Sony wet dreams. Even when MS/Intel build it, the hackers will break it. Since I just want to know, not necess. prevent, data transfer, there's got to be an easier way.
Sounds like a three-part affair: 1) identify the filesystem you want to use, 2) make it log absolutely every file access, and 3) hack logwatch (or similar) to give you human-readable summaries so "reading logs" doesn't become your full-time job. Oh, and part 4: rotate and compress those logs like your life depends on it. ;-)
Cheers, - -sth [1] http://www.linuxjournal.com/article/8374 sam hooker|[EMAIL PROTECTED]|http://www.noiseplant.com tail -f /var/llog/llama -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFEukrLX8KByLv3aQ0RAjjEAJ46jm9JNmhpKdulUrW//BCDZ4G4ugCeMWby 5pzR0Z9+8iLMNL9E3X7sEQg= =dxjg -----END PGP SIGNATURE-----
