I need to pass a PCI audit, and it is failing on my apache version, I have 2.2.3-43.el5.centos
Is there an atomic version of the latest, or is that not in the atomic repo?
This is a Cent 5.5 / Plesk 9.52 system, by the way.
The PCI audit wants to see 2.2.15
Thanks
Apache 2.2.16
-
scott
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: Apache 2.2.16
That is a false positive, you can refer them to this: http://www.redhat.com/security/updates/ ... c_cid=3093
That being said, we're considering adding httpd to the repo.
That being said, we're considering adding httpd to the repo.
-
mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Apache 2.2.16
Also, if you are running ASL it will not report the apache version to the scanner so you wont run into this problem with PCI-DSS scanners and will pass.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: Apache 2.2.16
I thought I had that set in the httpd.conf by using the ServerSignature Off.mikeshinn wrote:Also, if you are running ASL it will not report the apache version to the scanner so you wont run into this problem with PCI-DSS scanners and will pass.
Re: Apache 2.2.16
Thank you, I will try that route.scott wrote:That is a false positive, you can refer them to this: http://www.redhat.com/security/updates/ ... c_cid=3093
-
mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Apache 2.2.16
I believe ServerSignature Off. doesnt actually hide the version or if it does, it doesnt do it very well.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone