Ron, can you be more specific as to what security hole or who could exploit it?
I have sole access directly to my webserver so far as a real terminal. I allow SSH for only a couple of non-root users and that is key based authentication and my FTP is chrooted to the user's home folder. I'm starting to get into IP Tables. My server is NAT'ed behind a modem and the webmin port is not open. I figure if someone can get in and exploit Linuxconf then I'm hosed even if I un-install it cuz they can merely get in.

Jeff

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of R. DuFresne
> Sent: Tuesday, February 05, 2002 9:17 AM
> To: [EMAIL PROTECTED]
> Subject: RE: ssl virtual host IP's
>
>
> Last time I checked, and perhaps it has been updated and fixed, it was not
> a few mere weeks ago, Linuxconf was an open security hole waiting for
> exploitation. You may want to fix that.
>
> Thanks,
>
> Ron DuFresne
>
> On Tue, 5 Feb 2002, Sir SoilentG_kov wrote:
>
> > thanks,
> >
> > FYI I used Linuxconf instead of ifconfig (newbie here) and it works
> > like a champ.
> >
> > Jeff
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]On Behalf Of Owen Boyle
> > > Sent: Tuesday, February 05, 2002 12:38 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: ssl virtual host IP's
> > >
> > >
> > > Sir SoilentG_kov wrote:
> > > >
> > > > I've been looking thru the mod_ssl users archives and have learned that I
> > > > can't do SSL on Virtual Hosts that are name based. I've seen that it is
> > > > possible to use it on Virtual Hosts with IP based.
> > >
> > > Correct. Also, port based...
> > >
> > > > Are these IP based hosts separate computers or can they be "Virtual IP's"
> > > > all pointing to the same computer? What I want to do is have two domain
> > > > names routed to my Linux Web Server and have them both have separate certs.
> > > > However, I have no clue how I'd go about setting up two IP's that point to
> > > > the same box... doesn't make sense to me so I'm guessing it's not
> > > > possible... but would love it if it does.
> > >
> > > It is entirely possible. Any single interface card (i.e. the physical
> > > device, e.g. eth0) can listen to many IP addresses. On an internet
> > > connected unix machine the basic procedure is:
> > >
> > > - obtain two IP addresses (on the same network - e.g. 192.168.1.1 and
> > >   192.168.1.2)
> > > - define your two sites in DNS
> > > (these two points are done via your ISP usually)
> > >
> > > - use "ifconfig" to make your NIC listen to the two IPs
> > > (see man pages for more detail on this command)
> > >
> > > - configure apache to "Listen" to the two IPs and
> > > - define two VHs for each IP e.g.
> > >
> > > Listen 192.168.1.1
> > > <VirtualHost 192.168.1.1>
> > > ServerName www.site1.com
> > > DocumentRoot /path/to/site1
> > > </VirtualHost>
> > >
> > > Listen 192.168.1.2
> > > <VirtualHost 192.168.1.2>
> > > ServerName www.site2.com
> > > DocumentRoot /path/to/site2
> > > </VirtualHost>
> > >
> > > Rgds,
> > >
> > > Owen Boyle.
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > > User Support Mailing List [EMAIL PROTECTED]
> > > Automated List Manager [EMAIL PROTECTED]
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> admin & senior security consultant: sysinfo.com
> http://sysinfo.com
>
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation."
> -- Johnny Hart
>
> testing, only testing, and damn good at it too!
