LinuxQuestions.org
Help answer threads with 0 replies.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Is it safe to show server stats?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-29-2005, 02:44 PM   #1
six6
Member
Contributing Member
 
Registered: Jun 2004
Location: In Adamantine Chains and penal Fire
Distribution: Debian Sarge & Ubuntu Breezy
Posts: 107

Rep: Reputation: 16
Is it safe to show server stats?

For instance, is it alright to show things like
- bandwidth utilization
- current users, uptime, etc (output from /usr/bin/w)
- free memory (output from /usr/bin/free)
- cpu information (from /proc/cpuinfo)

Is there any information that might be exploited in this way? If you'd like to see an example, I have this on my server http://sunfryes.com/load/.

Thanks!
 
Old 07-29-2005, 03:03 PM   #2
bomix
LQ Newbie
 
Registered: Mar 2005
Location: Denmark
Distribution: Fedora Core 4 64bit
Posts: 22

Rep: Reputation: 15
I would say that showing usernames to the world is not a good idea.
If you want to be able to check your server-status from a remote location, maybe you should consider restricting acces to this page. Assuming your usnig apache, you could do something like this in your httpd.conf:

Code:
#
# This is to permit URL access to scripts/files in AWStats directory.
#
<Directory "/path/to/your/webpage">
    Options None
    AllowOverride None
    Order deny,allow
    Allow from IP#1 IP#2 ...
    Deny from all
</Directory>
 
Old 07-29-2005, 04:03 PM   #3
six6
Member
Contributing Member
 
Registered: Jun 2004
Location: In Adamantine Chains and penal Fire
Distribution: Debian Sarge & Ubuntu Breezy
Posts: 107

Original Poster
Rep: Reputation: 16
Oh yes, good idea about the usernames. I'd rather not restrict the directory (via ip or .htaccess) since I'd like to leave as much of that info public as possible.

I'll just change the /usr/bin/w command to /usr/bin/uptime!

Thanks!
 
Old 08-05-2005, 12:31 PM   #4
hanzerik
Member
 
Registered: Jan 2002
Location: Cheyenne Wyoming
Distribution: Debian/Raspbian/Mint
Posts: 717

Rep: Reputation: 32
Take a look at http://phpsysinfo.sourceforge.net/
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Server Stats App? nicedreams Linux - Software 2 11-15-2005 02:25 PM
SSH Server - How and how safe? Jorek Linux - Networking 9 10-27-2005 05:12 PM
server won't show files Maver Mandriva 5 06-15-2004 05:05 PM
win98 Server, as safe as it gets ;-) browny_amiga General 12 06-26-2003 08:04 AM
setting up a safe and secure server/router Ciccio Linux - Security 3 04-25-2003 10:46 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:55 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration