Fred K Ollinger on Wed, 15 Jan 2003 14:50:30 -0500


Re: [PLUG] Security of RedHat 8.0 and Apache 2.0.43


> I have seen a number of webservers that run RedHat 7.x and Apache 1.x ...
> are the older versions used because of hardware, migration or security
> issues?  or something else?
>
> That is to say, are RedHat 8.0 and Apache 2.0.43 still considered adequately
> secure for a publicly available web server?

All but the simplest website (static pages, only) will probably have
custom configurations on apache which would therefore require apache to
be recompiled from source. While doing this, one could either get the latest
stable version of apache 2 or revert back to apache 1.3.

Apache 1.3 is still necessary, incidentally, in order to use some
binary-only modules for apache. Modules that work on apache1.3 need to be
recompiled for apache2.

At any rate, if I am asked specifically to set up a RedHat server, I will
do so after getting a list of services that they require (many places
need ftp access, for example). I would install only the packages they ask
for during the initial install. Usually w/ any distro there are going to
be services that I feel are unnecessary, so I would shut them off.

In a nutshell, there are three basic things that make something insecure:

1. unnecessary services
2. older services (really old versions of sendmail, for example)
3. poorly configured services (like in apache, allowing users to browse
the directory structure)

RedHat tends to run the latest stable versions of the packages that they
install, which are usually the most secure versions as well. So a properly
configured RedHat server is going to be secure.

Fred Ollinger
_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
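
Added example, not part of the original message or of Apache itself: a small audit for the third item in the list above, reporting which sections of an Apache configuration switch on directory listings through the `Options` directive (`Indexes`, or `All`, which includes it). The function names and the sample paths are constructed for illustration; the check reads one file's text only and assumes no `Include` files and no merging of settings inherited between directories.

```python
import re

# Constructed sample configuration (not from the original post).
SAMPLE_CONF = """\
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/html/app">
    Options -Indexes +FollowSymLinks
</Directory>
<Directory "/var/www/html/files">
    Options All
</Directory>
"""

OPEN = re.compile(r"<(\w+)\s*(.*?)>$")
CLOSE = re.compile(r"</\w+>$")

def indexes_state(args):
    """True/False if an Options line turns Indexes on/off, None if it leaves it alone."""
    state = None
    for tok in (a.lower() for a in args):
        if tok in ("indexes", "+indexes", "all"):
            state = True
        elif tok in ("-indexes", "none"):
            state = False
        elif not tok.startswith(("+", "-")) and state is None:
            state = False  # absolute list that has not named Indexes so far
    return state

def audit(conf_text):
    """Map each enclosing section to the last explicit Indexes setting inside it."""
    stack, result = [], {}
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            del stack[-1:]  # pop the innermost section; tolerate stray closers
        elif (m := OPEN.match(line)):
            stack.append(f"{m.group(1)} {m.group(2)}".replace('"', "").strip())
        elif line.split()[0].lower() == "options":
            state = indexes_state(line.split()[1:])
            if state is not None:
                result[" > ".join(stack) or "(server config)"] = state
    return result

def listing_enabled(conf_text):
    return sorted(k for k, v in audit(conf_text).items() if v)
```

Calling `listing_enabled()` on the text of a configuration file returns the section labels to review; an empty list means no section in that file explicitly enables listings.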