On Wed, 2010-11-03 at 11:27 -0400, Robert Moskowitz wrote: > This is NOT a publicly facing server. It is behind my firewall (A > Juniper SSG5) on a subnet that has very limited outside access. Other > subnets here have limited access to this subnet. This server is > running the Amahi.org setup and serves as a PDC to clients on its > subnet, and some Amahi apps for all local subnets. I am adding the > repo services for the local devices (on its subnet) and so I can > rebuild my main repo server. So though I am a bit concerned about > SELinux being disabled, I am not too worried. Just to remove any ambiguity: If the only outside access to a computer is via the webserver software on port 80, then the computer is still *potentially* vulnerable. A computer can be hacked through flaws in the webserver. Merely blocking off other ports (e.g. SSH) is only being partially protective. Having said that, it would depend on what the webserver could do, as to whether anybody else could wreak havoc. If it only served flat HTML files, they'd have to find a security hole in Apache to cause you problems. The typical Achilles heel is flawed scripts (other programs) being running through the server (CGI, PHP, et al). -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
