[Noisebridge-discuss] Unlocking the door via SMS
Jonathan Lassoff
jof at thejof.com
Thu Mar 11 01:38:45 UTC 2010
Excerpts from Micah Lee's message of Wed Mar 10 17:35:13 -0800 2010:
> On Wed, Mar 10, 2010 at 5:25 PM, Jonathan Lassoff <jof at thejof.com> wrote:
> > Whomever has access to an account on pony that is either UID 0, or is in
> > the "adm" group.
> > Only a few people, but who knows what unknown root access there is to
> > this machine.
> >
> > It seems like pony is keeping copious apache logs. Logrotate is
> > configured to keep 52 rolled-out copies of logs on pony.
>
> Since the script doesn't actually log anything itself, people with
> root actually won't have access to the logs. And as far as apache logs
> are concerned, each time someone sends an SMS to unlock the door, the
> IP in the apache logs will be 127.0.0.1, since pony itself will send
> the request.
I was just referring to who can access the current apache logging setup
on pony.
> And also, in terms of keeping really stripped down logs, this stuff
> might help: http://dev.riseup.net/privacy/
Good links and guides on here!
Cheers,
jof
More information about the Noisebridge-discuss
mailing list