[CentOS] httpd RPM newer than 2.0.63 avail for CentOS 4.x?

Sun Nov 7 12:50:42 UTC 2010
Bob McConnell <rmcconne at lightlink.com>

RedShift wrote:
> On 11/07/10 06:17, Philip Amadeo Saeli wrote:
>> I'm maintaining an internet-facing web server which is now running httpd
>> 2.0.63 (httpd-2.0.63-2.el4s1.centos.2) which is now nearly 2.5 years
>> old(!?!).  I need to move to either 2.0.64 or 2.2.12 or later.  However,
>> I've been unable to find available RPMs for such releases for CentOS
>> 4.x.
>>
>> I have to believe that others have these needs also.  In light of this,
>> how do others keep up with security upgrades for the httpd?  I'm rather
>> new to this aspect of things, so am still in the process of sorting
>> things out in this regard.
>>
>> Any help would be appreciated.
>>
>> Thanks!
>>
>> --Phil
>>
> 
> Upgrade to the latest 5 release.

It's not that easy to do that much of an upgrade. But since the EOL 
announcement for release 3 was posted recently, it definitely needs to 
be done. This is how I would proceed.

1. Back up all data and configuration info on that server.
2. Set up a test server with the current release (CentOS 5).
3. Restore all data and configuration info on the test server. Plan on 
spending time to rewrite configuration files to match current formats 
and settings.
4. Once you finish tweaking the configuration, test all of your 
software, web pages, etc.
5. When you are sure everything works, install the current OS on the 
production server, restore the data and reconfigure it to match the test 
server.
6. Do a complete acceptance test on the production server. (We actually 
use a second Internet facing server for acceptance tests before 
committing changes to the production server.)
7. Use YUM to update your test server at least once a week.
8. As soon as you finish testing all of the updates each week, use YUM 
to install them on the production server. (But don't ever do this on 
Friday. If you missed something, you don't want to have to work on the 
weekend.)
9. Subscribe to announcements and several security mailing lists to get 
advance warning of any known issues that need to be patched immediately.
10. Start tracking RedHat/CentOS 6 release candidates ASAP.

Officially, by PCI rules we have 30 days after release of an OS update 
to get it installed on Internet facing systems. So the auditors will 
give us one pass on their monthly validation cycle before they start to 
complain. This does give us some time to test for problems and correct 
them before updating the production servers. But this requires a test 
server that is configured exactly like the production server so we can 
make sure the updates won't break any of our applications before we will 
install them in production.

We have one developer from each product team, one QA manager, one 
Support tech and an IT tech that track these issues and make sure our 
servers are up to date. As one of the developers in that group, I 
monitor CentOS announcements and two security lists, forwarding relevant 
messages to the entire group. There is a similar but larger group 
tracking Microsoft updates.

In addition to CentOS and Apache, we also track updates to PHP, 
PostgreSQL and a couple dozen supporting packages and maintenance tools.

Bob McConnell
N2SPP
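
Added example, not part of the original message: one way to check that the test server still matches production before and after the weekly YUM run (steps 7 and 8 and the "configured exactly like the production server" requirement above) is to diff the two package inventories. The function names, file names and package versions below are constructed for illustration.

```shell
#!/bin/sh
# Inventory format, one package per line: "name.arch version-release".
# On each host it can be produced with:
#   rpm -qa --qf '%{NAME}.%{ARCH} %{VERSION}-%{RELEASE}\n'
# Caveat: packages installed in several versions at once (e.g. kernel)
# collapse to the last line seen.

pkg_drift() {   # $1 = test inventory file, $2 = production inventory file
    awk '
        NR == FNR { test[$1] = $2; next }      # first file: test server
        { prod[$1] = $2 }                      # second file: production
        END {
            for (p in test) {
                if (!(p in prod))
                    print "MISSING_ON_PROD " p " " test[p]
                else if (test[p] != prod[p])
                    print "VERSION_DIFF " p " test=" test[p] " prod=" prod[p]
            }
            for (p in prod)
                if (!(p in test))
                    print "MISSING_ON_TEST " p " " prod[p]
        }' "$1" "$2" | sort
}

# Exit status 0 only when both inventories are identical.
in_sync() { [ -z "$(pkg_drift "$1" "$2")" ]; }

write_samples() {   # constructed sample inventories; versions are made up
    cat > "$1/test.txt" <<'EOF'
httpd.x86_64 1.0-2.example
php.x86_64 1.0-1.example
postgresql.x86_64 1.0-1.example
rsync.x86_64 1.0-1.example
EOF
    cat > "$1/prod.txt" <<'EOF'
httpd.x86_64 1.0-1.example
php.x86_64 1.0-1.example
postgresql.x86_64 1.0-1.example
strace.x86_64 1.0-1.example
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
pkg_drift "$tmp/test.txt" "$tmp/prod.txt"
```

A VERSION_DIFF line right after the test server's weekly update is expected; the same line still present after the production rollout is an update that has not reached production.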