[CentOS] Apache warns Web server admins of DoS attack tool

m.roth at 5-cent.us m.roth at 5-cent.us
Fri Aug 26 18:19:52 UTC 2011


Always Learning wrote:
>
> On Fri, 2011-08-26 at 13:37 -0400, m.roth at 5-cent.us wrote:
>
>> Paul, you've completely missed what John was asking: what qualifies as
>> o/s, and what qualifies as third party, or whatever? Which is apache, or
>> php, or gcc, or tomcat5? Certainly, tomcat and httpd get fired off by
>> root at system boot.
>
> I don't know about your systems but on ours
>
> 	php
> 	gcc
> 	tomcat5
>
> do NOT require customisation. Apache does. For example:-
>
> 	ServerAdmin
> 	ServerName
> 	DirectoryIndex
> 	DefaultLanguage
> 	LanguagePriority and all the other site options
>
> Keeping the bits that remain static separate from the bits that change
> per server is our choice.

<shakes head>
Yeah, but that's a very non-standard concept. If you and the rest of your
team go out to lunch, and are killed by food poisoning, or an
out-of-control senior citizen, anyone walking in will take a good bit
longer to find where all versions of *Nix normally put their configuration
files, ain't. And you *are* customizing /etc/httpd/conf/httpd.conf.
>
> Putting virtual hosts, including those with sub-domains, in an individual
> 'domain name' text file ensures for us smooth running. For us deleting a
> virtual host is deleting one named text file. Adding a virtual host

Missed that part, but that's what I said everybody seems to do... but they
do it in /etc/httpd/conf.d
<snip>
> Those who like dumping everything in one large text file can. I was
> speaking to a sys admin this week who has only 1,200 virtual hosts in
> the main Apache file.

So, you were speaking to the guy who was at the bottom of their class?
That's inane.

I stay with std. practice, as much as I can. It works, too. The first time
I ever did system admin, back in the mid-nineties, I'd worked in Unix for
about 4 years, but never done admin work. For the next 9 or 10 mos, along
with my wife, I slept with Frisch's Essential Systems Administration, from
O'Reilly. When the division had grown from 4 teams to 27, and the co.
brought in a sysadmin team, they told me that my box was one of *two* that
looked normal; everyone else was a disaster (everyone had root, and/or
directories scattered all over, including in /...).

Leaving stuff in std. places is *not* a security risk, it's making life
easier. And remember, if you go on vacation, whoever has to take care of
it will have to take the time to figure it out, rather than go to where
everyone expects stuff.

Oh, and php *certainly* requires configuration.

           mark



