Classification: UNCLASSIFIED Caveats: FOUO While you're at it you might want to find a class in web security. You just told the whole world that ConAgra Foods is running some extremely vulnerable versions of Apache products. -----Original Message----- From: Joe Jensen (ConAgra Foods) [mailto:Joe.Jensen@xxxxxxxxxxxxxxxx] Sent: Thursday, February 20, 2014 12:38 PM To: users@xxxxxxxxxxxxxxxx Subject: Apache major features What major features have been released in the last 8 years for apache? My apache infrastructure is quite dated and behind. I'd like to update and improve it but am new to apache and don't know much more than that I have nothing modern. Joe Jensen (402)-240-3645 Application Hosting Services From: Jeff Trawick [mailto:trawick@xxxxxxxxx] Sent: Wednesday, February 19, 2014 3:50 PM To: users@xxxxxxxxxxxxxxxx Subject: Re: Available online Training/documentation On Wed, Feb 19, 2014 at 3:24 PM, Joe Jensen (ConAgra Foods) <Joe.Jensen@xxxxxxxxxxxxxxxx> wrote: I'm looking for some advice on how to learn the intricacies of both apache httpd and tomcat. I'm unlikely to get a paid training class, and failed to find any overall training about it online. Considering it's popularity and open source nature it strikes me as very odd that there isn't any good and extensive "on your own" training to read through. If someone can point me to something online it would be awesome! I'm charged with a series of apache/tomcat servers as part about 70% of my job, but we run a ~3-4 year old setup largely unchanged from 7 years ago. I'd like to learn what I don't know exists, and am hoping for more than just the apache module and configuration manuals. If I have to though that may be what I do learn from. Joe Jensen (402)-240-3645 <tel:%28402%29-240-3645> Application Hosting Services Look at the User's Guide and Howto/Tutorials parts of the documentation. If it were me, I'd start with this: 1. Make sure you understand how httpd and Tomcat are installed on all systems you support and how updates are obtained. 2. Check the versions of the software and confirm that they are supported branches (e.g., 2.2.x or 2.4.x for httpd, whatever is currently supported for Tomcat). 3. See how old the exact versions are (e.g., 2.2.15), and if they are relatively old then ensure that you are getting updates regularly from a vendor (e.g., Linux vendor) which applies security fixes to old versions. If there's a problem already (unsupported, vulnerable versions), work with your team to find out how to deal with it. You may end up looking through CHANGES logs for vulnerabilities and crossing out the ones in modules that aren't used in your configuration, and then seeing what is a potential concern. 4-98. (stuff I can't think of at the moment) 99. Try to identify the most common or most important use of httpd in your environment (e.g., front-end to Tomcat) and get a fresh VM and set up httpd with a sample application (or static site) that requires similar configuration features. Use that to play around and experiment with things in the product documentation. Even if you won't use a particular feature in production, the experimentation gives you more insight into how the server can be configured. -- Born in Roswell... married an alien... http://emptyhammock.com/ Classification: UNCLASSIFIED Caveats: FOUO --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|