COMMAND

    httpd.conf

SYSTEMS AFFECTED

    Suse 6.4

PROBLEM

    zab0ra aka t0maszek found following.  In SuSe 6.4 (maybe  another)
    any user from  any host can  get info about  packages installed on
    SuSe systems.  httpd.conf file have entry "Alias /doc/  /usr/doc/"
    (and others).

    In www browser you cat set

        http://hosts.any/doc/packages/

    and you get list of installed packages.

SOLUTION

    The configuration  file for  apache (/etc/httpd/httpd.conf),  line
    801, reads:

    ############################################################
    <Directory /usr/doc>
        Options FollowSymLinks Indexes +Includes
        AllowOverride None
    </Directory>
    ############################################################

    Rewrite this to:

    ############################################################
    <Directory /usr/doc>
      order deny,allow
      deny from all
      allow from localhost
      Options Indexes FollowSymLinks +Includes
      AllowOverride None
    </Directory>
    ############################################################