REQ RPM for Apache httpd 2.2.15
REQ RPM for Apache httpd 2.2.15
Just figured I'd see if anyone is making RPM's of apache as I'm not too fond of installing packages myself with plesk as something always seems to go wrong...
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: REQ RPM for Apache httpd 2.2.15
We've been talking about addressing this for the centos 5 users, I think this might be a good thread for people on c5 to let it be known if this is something that interests them or not.
Re: REQ RPM for Apache httpd 2.2.15
I think it would be great if Atomic had apache in the repo so the latest is being used. Problem i have with backporting is because of the versioning stamp and PCI Compliance it seems monthly i have to help our merchants that we host for do their appeals on their scans because some ASV's are stupid and don't have the backport versions in their scan profiles.
James Nascimento
Chief Information Officer
East Commerce Solutions, Inc.
22 Morris Lane
East Providence, RI 02914
Ph. 800-527-5395 x263
Fax. 888-999-5891
Chief Information Officer
East Commerce Solutions, Inc.
22 Morris Lane
East Providence, RI 02914
Ph. 800-527-5395 x263
Fax. 888-999-5891
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: REQ RPM for Apache httpd 2.2.15
The irony here is that the scanners they use (nessus, etc) even tell them that its not to be trusted
Re: REQ RPM for Apache httpd 2.2.15
I'd say the largest reason to do this is the anal-ness of the PCI scanners (and the fact that PCI still has confusion about what exactly constitutes compliance).
When Apache 2.4 gets closer to release (2.3.6 alpha just started a few days ago) and they have a more thorough feature set you might see more interest.
When Apache 2.4 gets closer to release (2.3.6 alpha just started a few days ago) and they have a more thorough feature set you might see more interest.
"Its not a mac. I run linux... I'm actually cool." - scott
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: REQ RPM for Apache httpd 2.2.15
If you're using ASL it should clean up the tokens in a way to resolve this with a PCI scanner (that isnt doing their job right...)
Re: REQ RPM for Apache httpd 2.2.15
Actually I was looking into it because their changelog shows a few good exploit fixes.Highland wrote:I'd say the largest reason to do this is the anal-ness of the PCI scanners...
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: REQ RPM for Apache httpd 2.2.15
those are all backported by redhat.There are no known vulnerabilities in httpd-2.2.3-43
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: REQ RPM for Apache httpd 2.2.15
Remember version numbers are meaningless.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone