These forums are locked and archived, but all topics have been migrated to the new forum. You can search for this topic on the new forum: Search for PCI DSS company want apache updated on the new forum.
Web Hosting and Cloud Computing Control Panels
Howdy,
It shouldn't cause any problems to update to that... though I'll talk to Joe to make sure the Virtualmin repo's have the latest Apache version in it.
-Eric
Thanks. Reading my post again I didn't mention I was using Centos 5.8.
Hmm. Build the src rpm and installed - it appeared to go ok. Couldn't view any websites though. Checked the logs and there was a suexec error "command not in docroot".
I reinstalled the original virtualmin RPMs through yum and everything is works again (apart from PCI DSS compliance obviouslly).
A quick search shows that the docroot is changed in the virtualmin rpms - is there anyway to do this on the src rpm I downloaded and build from http://vault.centos.org/5.8/updates/SRPMS/ ?
Thanks
My apologies, I keep forgetting that the Apache in CentOS is different than the one included in Ubuntu/Debian.
With Ubuntu/Debian, the suexec settings are independent of the Apache package.
With CentOS, the "suexec" binary would need to be compiled to use "/home" as it's base, rather than "/var/www".
However, since this should all be temporary (until Joe updates the CentOS package), you should be able to replace the file "/usr/sbin/suexec" with the one included in the Virtualmin package.
You'd want to make sure the permissions look like this:
$ ls -l /usr/sbin/suexec-r-s--x---. 1 root apache 13984 May 16 2012 /usr/sbin/suexec
What I always do for PCI compliance tests is reconfigure Apache to not give out its version number, this fixes that problem. Its also good in general for security purposes. No functionality is lost by making these changes, and they won't get overwritten in future updates.
/etc/httpd/conf/httpd.conf
ServerTokens ProductOnly ServerSignature Off
And to cloak PHP
/etc/php.ini & /home/*/etc/php.ini
expose_php = Off