awstats munged httpd rights in SElinux, how to fix?

[Gene Heskett]

On Friday 01 August 2008, Tim wrote:
>Tim:
>>> I'd still stick with using your computer as yourself, just use another
>>> terminal as root for configuration issues.  Especially if you're opening
>>> your computer up to the world as a webserver.  You do want as much
>>> protection as you can manage, in that situation.
>
>Gene Heskett:
>> I'm not directly connected to the net here, dd-wrt, x86 version
>> running on an old 450 mhz k6-iii is between me and the black hats.  It
>> gets about 500 root login attempts a day, but the password is both
>> long and unique.
>
>In that case, the main worries would be that they could find an exploit
>in a webserver that doesn't require a logon (abusing guestbook scripts,
>and the like), or just abusing mail forms to send spam through your
>service to someone else.  I get a few script kiddies rattling the
>windows on my website, but they only get 404s.  I don't have the scripts
>that they're looking for to exploit.

Neither do I, that and sheer CRS is why there isn't any wrappers around the 
pix on my site, just a list of pix, and 90% of those are just links to the 
real file someplace else.

>I don't have remote shell access, I haven't thought of a reason that I'd
>really want it.  One day I might set things so I can access my mail
>servers remotely, but not before I've figured out how to do it securely
>(i.e. encrypted access only).

I thought of that, using imap, but somehow that seems to be, from the stories 
I read here on the net, just a way to add another single point of failure.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The minute a man is convinced that he is interesting, he isn't.