[vcf-midatlantic] Apache question (museum intranet server)

Jim Hart jim at jimhart.org
Sun Apr 14 20:57:05 EDT 2019


Being in the computer security business I would highly suggest that the
machine is locked down.  It is not likely, but also not impossible that the
machine would be compromised from the outside being an intranet server
behind a firewall. But there was is the threat from the internal network or
from misconfiguration of the firewall or network.  Depending on the
installer operating system I can recommend the easiest way of locking down
the machine.  But basically the most available secure configuration guide
is the CIS Benchmarks from CISecurity.org.

Contact me off list and I can provide more details.

—Jim Hart


On Sun, Apr 14, 2019 at 8:28 PM Evan Koblentz via vcf-midatlantic <
vcf-midatlantic at lists.vcfed.org> wrote:

> Today I picked out an unloved modern PC from our collection (from the
> ones donated back at Festivus) and turned it into our museum intranet
> server. It runs Linux and the latest version of Apache.
>
> I didn't touch the stock configuration files: it just magically worked
> after I gave the server a static IP and stuff.
>
> Here is the question ... SHOULD any of the stock config files be
> changed? All this server will do is offer rather primitive .htm files
> for the info kiosks. It's not going to face anything external, although
> it does connect through our firewall so its software can be updated.
> There is no need to remotely manage it. Can/should I just leave the
> stock config alone, or should anything be changed for security,
> performance, etc.?
>
> --
—

—Jim Hart


More information about the vcf-midatlantic mailing list