Is posting a server's .config; apache confs a large risk?

dhaova · n00b Joined: 18 May 2005 Posts: 1

I'm currently completing an undergraduate thesis that involves building a webserver based on Gentoo Linux. Part of the content it will serve is an illustrated guide to its creation. Assuming that I don't give out shell access, is there any significant security risk to listing the server's kernel .config and Apache configuration files? I'm a pretty confident Linux user, but a near-total n00b when it comes to security...

Thanks :D

xbmodder · Guru Joined: 25 Feb 2004 Posts: 404

Its not a bad idea to post you .config file unless your extremely paranoid. Someone could find that you have an insecure kernel module. Then again the kernel is amazingly secure. I think its fine. Apache confs can be ok, BUT! BE CAREFUL! That you must be careful of not posting secret-directorys etc.
_________________
http://xbmodder.us/