Hello,
I am looking for some advice on a way to update some packages to newer releases than are available in the standard CentOS repositories. Specifically, I am trying to update apache and PHP to conform to "Scanalert"'s "Hacker Safe" website security scan, and the required versions do not exist in the CentOS repositories. I'm using CentOS 5.
I wish to stay within the realm of yum, in order to avoid RPM-dependency-heck which I have experienced before, trying to source random third party RPMs that never work out properly. I also wish to keep the system in a better state of maintenance by sticking to yum. It's just more organized (and easier) and will help keep things up to date in the future as well.
Is there any other option than to go with a 3rd party repository to hopefully find later versions of apache and PHP? Does anybody have a recommended repository source?
Thank you for any help and advice you can give,
-Jesse Cantara
On Fri, Oct 05, 2007 at 07:29:12PM -0400, Jesse Cantara wrote:
> Hello,
> I am looking for some advice on a way to update some packages to newer releases than are available in the standard CentOS repositories. Specifically, I am trying to update apache and PHP to conform to "Scanalert"'s "Hacker Safe" website security scan, and the required versions do not exist in the CentOS repositories. I'm using CentOS 5.
Are you sure there are actually issues with your versions of PHP? The upstream vendor backports security fixes:
http://www.redhat.com/security/updates/backporting/
Security scanning tools often have no clue of this.
If you just are looking for newer versions offering newer features, perhaps the centosplus repo would be enough for you?
Ray
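The backporting point in the message above can be checked on the host itself, because the vendor's package changelog records which CVE fixes were applied to the build. The script below is an added example, not part of the original thread; the sample changelog, its version-release strings and the CVE-0000-* ids are constructed placeholders.

```shell
#!/bin/sh
# Added example: decide whether a CVE fix was backported into an installed RPM
# by reading the package changelog instead of trusting the version banner.

# Constructed sample of `rpm -q --changelog <pkg>` output. The versions and
# the CVE-0000-* ids are placeholders, not real advisories.
SAMPLE_CHANGELOG='* Tue Sep 04 2007 Example Packager <packager@example.com> 5.1.6-15
- add security fix for CVE-0000-0002
- add security fixes for CVE-0000-0003, CVE-0000-0004

* Mon Apr 16 2007 Example Packager <packager@example.com> 5.1.6-12
- add security fix for CVE-0000-0001'

# Print the changelog of an installed package (needs rpm; unused by the demo).
pkg_changelog() { rpm -q --changelog "$1"; }

# cve_release CVE-ID: read a changelog on stdin and print the version-release
# of the entry that mentions the CVE. Returns 1 when no entry mentions it.
cve_release() {
    awk -v cve="$1" '
        /^\* / { rel = $NF; next }   # entry header: last field is version-release
        $0 ~ (cve "([^0-9]|$)") { print rel; found = 1; exit }  # whole id only
        END { exit (found ? 0 : 1) }
    '
}

# report CVE-ID...: read a changelog on stdin, print one status line per CVE.
report() {
    _log=$(cat)
    for _cve in "$@"; do
        if _rel=$(printf '%s\n' "$_log" | cve_release "$_cve"); then
            echo "$_cve backported in $_rel"
        else
            echo "$_cve not mentioned in changelog"
        fi
    done
}

# Demo on the constructed sample. On a real host: pkg_changelog php | report CVE-...
printf '%s\n' "$SAMPLE_CHANGELOG" | report CVE-0000-0001 CVE-0000-0009
```

A CVE that is absent from the changelog is not proof of exposure; the package may never have contained the affected code, so the vendor's advisory for that CVE is the place to confirm.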
On Fri, Oct 05, 2007, Ray Van Dolson wrote:
> On Fri, Oct 05, 2007 at 07:29:12PM -0400, Jesse Cantara wrote:
>> Hello,
>> I am looking for some advice on a way to update some packages to newer releases than are available in the standard CentOS repositories. Specifically, I am trying to update apache and PHP to conform to "Scanalert"'s "Hacker Safe" website security scan, and the required versions do not exist in the CentOS repositories. I'm using CentOS 5.
> Are you sure there are actually issues with your versions of PHP? The upstream vendor backports security fixes:
> http://www.redhat.com/security/updates/backporting/
> Security scanning tools often have no clue of this.
You could have left off `` of this''.
Several of the security scanning companies I've dealt with seem to be seriously lacking in clues.
Bill
--
INTERNET: bill@celestial.com   Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/   PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186   Mercer Island, WA 98040-0820; (206) 236-1676
Our Foreign dealings are an Open Book, generally a Check Book. Will Rogers
Hey, thanks for the helpful info Bill...
Honestly though, thanks to the other people who actually gave me some useful info. The choice of "Scanalert"'s (I'm going to use quotes where appropriate) scan is not my choice. Users like to see it, the boss likes to see it, that's what I have to go with; regardless of the quality of the scan itself. _I_ know that my site is well secured (I just wasn't aware of the backporting), but users like to see happy little images on websites.
-Jesse
Hi,
As others have pointed out, as long as you're patched up, the fixes are backported.
Checkbox security is lame. I strongly recommend setting
    ServerTokens ProductOnly
See http://httpd.apache.org/docs/1.3/mod/core.html#servertokens for more.
It's more secure, because a script kiddie looking in netcraft for attack vectors won't find your server because it's running some version of PHP. Plus, you'll pass the 'scamalert' scans :)
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos