[CentOS] httpd RPM newer than 2.0.63 avail for CentOS 4.x?
rmcconne at lightlink.com
Sun Nov 7 12:50:42 UTC 2010
> On 11/07/10 06:17, Philip Amadeo Saeli wrote:
>> I'm maintaining an internet-facing web server which is now running httpd
>> 2.0.63 (httpd-2.0.63-2.el4s1.centos.2) which is now neary 2.5 years
>> old(!?!). I need to move to either 2.0.64 or 2.2.12 or later. However,
>> I've been unable to find available RPMs for such releases for CentOS
>> I have to believe that others have these needs also. In light of this,
>> how do others keep up with security upgrades for the httpd? I'm rather
>> new to this aspect of things, so am still in the process of sorting
>> things out in this regard.
>> Any help would be appreciated.
> Upgrade to the latest 5 release.
It's not that easy to do that much of an upgrade. But since the EOL
announcement for release 3 was posted recently, it definitely needs to
be done. This is how I would proceed.
1. Backup all data and configuration info on that server.
2. Set up a test server with the current release (CentOS 5).
3. Restore all data and configuration info on the test server. Plan on
spending time to rewrite configuration files to match current formats
4. Once you finish tweaking the configuration, test all of your
software, web pages, etc.
5. When you are sure everything works, install the current OS on the
production server, restore the data and reconfigure it to match the test
5. Do a complete acceptance test on the production server. (We actually
use a second Internet facing server for acceptance tests before
committing changes to the production server.)
7. Use YUM to update your test server at least once a week.
8. As soon as you finish testing all of the updates each week, use YUM
to install them on the production server. (But don't ever do this on
Friday. If you missed something, you don't want to have to work on the
9. Subscribe to announcements and several security mailing lists to get
advanced warning of any known issues that need to be patched immediately.
10. Start tracking RedHat/CentOS 6 release candidates ASAP.
Officially, by PCI rules we have 30 days after release of an OS update
to get it installed on Internet facing systems. So the auditors will
give us one pass on their monthly validation cycle before they start to
complain. This does give us some time to test for problems and correct
them before updating the production servers. But this requires a test
server that is configured exactly like the production server so we can
make sure the updates won't break any of our applications before we will
install them in production.
We have one developer from each product team, one QA manager, one
Support tech and an IT tech that track these issues and make sure our
servers are up to date. As one of the developers in that group, I
monitor CentOS announcements and two security lists, forwarding relevant
messages to the entire group. There is a similar but larger group
tracking Microsoft updates.
In addition to CentOS and Apache, we also track updates to PHP,
PostgreSQL and a couple dozen supporting packages and maintenance tools.
More information about the CentOS