[CentOS] Apache warns Web server admins of DoS attack tool

Fri Aug 26 18:00:55 UTC 2011
Always Learning <centos at u61.u22.net>

On Fri, 2011-08-26 at 13:37 -0400, m.roth at 5-cent.us wrote:

> Paul, you've completely missed what John was asking: what qualifies as
> o/s, and what qualifies as third party, or whatever? Which is apache, or
> php, or gcc, or tomcat5? Certainly, tomcat and httpd get fired off by root
> at system boot.

Mark,

I don't know about your systems but on ours

	php
	gcc
	tomcat5

do NOT require customisation. Apache does. For example:-

	ServerAdmin
	ServerName
	DirectoryIndex
	DefaultLanguage
	LanguagePriority and all the other site options

Keeping the bits that remain static separate from the bits that change
per server is our choice.

Putting virtual hosts, including those with sub-domains, in a individual
'domain name' text file ensures for us smooth running. For us deleting a
virtual host is deleting one named text file. Adding a virtual host
means creating one text file. Changing a virtual host means changing one
file. Moving a virtual host to a different server or even to a different
operating system means moving one file. Of course it requires a 

	service httpd restart or reload

Meanwhile nothing else is disrupted, or at risk of disruption or
inadvertently altered.  We like quickness, simpleness and easiness. Keep
it plain and simple is our motive.

Those who like dumping everything in one large text file can. I was
speaking to a sys admin this week who has only 1,200 virtual hosts in
the main Apache file.


Paul.