Being in the computer security business I would highly suggest that the machine is locked down. It is not likely, but also not impossible that the machine would be compromised from the outside being an intranet server behind a firewall. But there was is the threat from the internal network or from misconfiguration of the firewall or network. Depending on the installer operating system I can recommend the easiest way of locking down the machine. But basically the most available secure configuration guide is the CIS Benchmarks from CISecurity.org. Contact me off list and I can provide more details. —Jim Hart On Sun, Apr 14, 2019 at 8:28 PM Evan Koblentz via vcf-midatlantic < vcf-midatlantic@lists.vcfed.org> wrote:

Today I picked out an unloved modern PC from our collection (from the ones donated back at Festivus) and turned it into our museum intranet server. It runs Linux and the latest version of Apache.

I didn't touch the stock configuration files: it just magically worked after I gave the server a static IP and stuff.

Here is the question ... SHOULD any of the stock config files be changed? All this server will do is offer rather primitive .htm files for the info kiosks. It's not going to face anything external, although it does connect through our firewall so its software can be updated. There is no need to remotely manage it. Can/should I just leave the stock config alone, or should anything be changed for security, performance, etc.?

-- —

—Jim Hart