[CentOS] Need advice on 3rd party repository

Gary Richardson gary.richardson at gmail.com
Sun Oct 7 16:57:36 UTC 2007


As others have pointed out, as long as you're patched up, the fixes are

Checkbox security is lame. I strongly recommend setting

ServerToken ProductOnly

See http://httpd.apache.org/docs/1.3/mod/core.html#servertokens for more.

It's more secure, because a script kiddie looking in netcraft for attack
vectors won't find your server because it's running some version of PHP.
Plus, you'll pass the 'scamalert' scans :)

On 10/5/07, Jesse Cantara <jesse_cantara at esupport.com> wrote:
> Hello,
> I am looking for some advice on a way to update some packages to newer
> releases than are available in the standard CentOS repositories.
> Specifically, I am trying to update apache and PHP to conform to
> "Scanalert"'s "Hacker Safe" website security scan, and the required
> versions do not exist in the CentOS repositories. I'm using CentOS 5.
> I wish to stay within the realm of yum, in order to avoid
> RPM-dependency-heck which I have experienced before, trying to source
> random third party RPMs that never work out properly. I also wish to
> keep the system in a better state of maintenance by sticking to yum.
> It's just more organized (and easier) and will help keep things up to
> date in the future as well.
> Is there any other option than to go with a 3rd party repository to
> hopefully find later versions of apache and PHP? Does anybody have a
> recommended repository source?
> Thank you for any help and advice you can give,
> -Jesse Cantara
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.centos.org/pipermail/centos/attachments/20071007/bd1de37e/attachment.htm

More information about the CentOS mailing list