Markus Falb wrote:
On Fri, 03 Apr 2009 17:06:38 -0500, Lanny Marcus wrote:
Backup servers need *maximum* protection too......
agreed, but... maximum protection would mean turning network off. but that could turn out as a little inconvinience.
webservers that cant boot without human intervention are not acceptable for me. but thats me. i understand that other people may have another opinion, and thats fine.
I agree. Apache has to start for me.
My server is a linode hosted xen vm. It does not have 100% uptime - it's rarely down, but it has been down before (I can tell from the logs - this site w/ the ssl is new but I have other stuff hosted on it).
Anyway - the site is just a site to record reptiles and amphibian sightings in my county, the only thing I'm using ssl for is user registration and login so that password is not sent plain text.
Hardly cause to be overly paranoid (I was a good boy and did set root:root 0600 permissions though). In fact using ssl may already be overly paranoid, most sites of this type don't - which is a pet peeve of mine (too many people use wireless and too many people use the same password for everything, passwords really need to be encrypted when sent)
I don't backup /etc/pki - I have the apache keys backed up, the server's ssl keys backed up, but only backup I have planned of the server is weekly rpm -qa, /etc/httpd, /etc/php.ini, mysql database, and user uploaded images. Everything else is cake to do from a fresh install and what I have at home.