[cacti/el4] block HTTP access to log and rra directories (BZ #609856)
Ken Dreyer
ktdreyer at fedoraproject.org
Thu Oct 27 22:49:02 UTC 2011
commit 236450cab3385d2b5dcf7bc22abb47f28c9f1b35
Author: Ken Dreyer <ktdreyer at ktdreyer.com>
Date: Thu Oct 27 16:44:43 2011 -0600
block HTTP access to log and rra directories (BZ #609856)
cacti-httpd.conf | 16 ++++++++++++++++
cacti.README.Fedora | 10 +++++++---
2 files changed, 23 insertions(+), 3 deletions(-)
---
diff --git a/cacti-httpd.conf b/cacti-httpd.conf
index b8b9a5c..9187aa6 100644
--- a/cacti-httpd.conf
+++ b/cacti-httpd.conf
@@ -1,6 +1,10 @@
#
# Cacti: An rrd based graphing tool
#
+
+# Change "Allow from 127.0.0.1" to open up cacti to other network devices.
+# For example, change "Allow from 127.0.0.1" to "Allow from all".
+
Alias /cacti /usr/share/cacti
<Directory /usr/share/cacti/>
@@ -9,3 +13,15 @@ Alias /cacti /usr/share/cacti
Allow from 127.0.0.1
</Directory>
+
+# The sections marked "deny from all" should not be modified.
+# These are in place in order to harden cacti.
+<Directory /usr/share/cacti/log>
+ order deny,allow
+ Deny from all
+</Directory>
+<Directory /usr/share/cacti/rra>
+ order deny,allow
+ Deny from all
+</Directory>
+
diff --git a/cacti.README.Fedora b/cacti.README.Fedora
index 3b5e35d..acb284b 100644
--- a/cacti.README.Fedora
+++ b/cacti.README.Fedora
@@ -1,6 +1,10 @@
-In order for Cacti to function properly please properly edit /etc/cacti/db.php
-and enable the crontab script in /etc/cron.d/cacti For more information about
-setting up the database please read:
+In order for Cacti to function properly, please edit the following:
+
+/etc/cacti/db.php
+/etc/cron.d/cacti
+/etc/http/conf.d/cacti.conf
+
+For more information about setting up the database please read:
docs/INSTALL
More information about the scm-commits
mailing list