LinuxQuestions.org - Is it safe to show server stats?

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Is it safe to show server stats? (https://www.linuxquestions.org/questions/linux-security-4/is-it-safe-to-show-server-stats-348117/)

six6	07-29-2005 02:44 PM

Is it safe to show server stats?

For instance, is it alright to show things like
- bandwidth utilization
- current users, uptime, etc (output from /usr/bin/w)
- free memory (output from /usr/bin/free)
- cpu information (from /proc/cpuinfo)

Is there any information that might be exploited in this way? If you'd like to see an example, I have this on my server http://sunfryes.com/load/.

Thanks!

bomix

07-29-2005 03:03 PM

I would say that showing usernames to the world is not a good idea.
If you want to be able to check your server-status from a remote location, maybe you should consider restricting acces to this page. Assuming your usnig apache, you could do something like this in your httpd.conf:

Code:

#

# This is to permit URL access to scripts/files in AWStats directory.

#

<Directory "/path/to/your/webpage">

    Options None

    AllowOverride None

    Order deny,allow

    Allow from IP#1 IP#2 ...

    Deny from all

</Directory>

six6	07-29-2005 04:03 PM

Oh yes, good idea about the usernames. I'd rather not restrict the directory (via ip or .htaccess) since I'd like to leave as much of that info public as possible.

I'll just change the /usr/bin/w command to /usr/bin/uptime!

Thanks!

hanzerik

08-05-2005 12:31 PM

Take a look at http://phpsysinfo.sourceforge.net/

All times are GMT -5. The time now is 07:18 AM.