J. Craig Woods grabbed a keyboard and wrote: > > David Guntner wrote: > > > > Actually, Brandon hit it on the head. <slaps forehead> I should have > > noticed that the directory permissions would have kept the Apache user from > > getting to anything there.... > > > > Thanks, though! > > Yes, he did, and I should have seen the absence of said bits too. > However, out of curiosity, did you add options, such as "Allow from" or > "Deny from" to the directory options in your conf file? And, if not, how > will you control which client machine or user will run these scrips? > Assigning directory perms will only solve part of this control issue for > your cgi directory.
I haven't done so yet, but the interface requires a login when you connect to the server. Without that, you can't access the system, either. I plan to put the deny/allow stuff you mentioned in, provided I decide to keep using PureSecure (it's proving an... interesting challenge to get it running completely - I can't get the version of snort they provide to connect to the database). I may just end up getting rid of the whole thing and put Mandrake's version of snort back in place, and see if I can't find a good monitor/report that will work with that. --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com