We are on a current patch version and being old software there are likely few remaining security vulnerabilities or bugs for me to worry about in the version we run.
From: Curtis Maurand [mailto:curtis@xxxxxxxxxxx]
Sent: Thursday, February 20, 2014 12:25 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: Apache major features
Google is your friend in this case. There are tons of books re: apache and even hardening it.
search term: apache books
About 29,700,000 results (0.35 seconds)
http://httpd.apache.org/docs/2.4/
--Curtis
On 2/20/2014 12:38 PM, Joe Jensen (ConAgra Foods) wrote:What major features have been released in the last 8 years for apache? My apache infrastructure is quite dated and behind. I’d like to update and improve it but am new to apache and don’t know much more than that I have nothing modern.
Joe Jensen
(402)-240-3645
Application Hosting Services
From: Jeff Trawick [mailto:trawick@xxxxxxxxx]
Sent: Wednesday, February 19, 2014 3:50 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: Available online Training/documentation
On Wed, Feb 19, 2014 at 3:24 PM, Joe Jensen (ConAgra Foods) <Joe.Jensen@xxxxxxxxxxxxxxxx> wrote:
I’m looking for some advice on how to learn the intricacies of both apache httpd and tomcat. I’m unlikely to get a paid training class, and failed to find any overall training about it online. Considering it’s popularity and open source nature it strikes me as very odd that there isn’t any good and extensive “on your own” training to read through. If someone can point me to something online it would be awesome!
I’m charged with a series of apache/tomcat servers as part about 70% of my job, but we run a ~3-4 year old setup largely unchanged from 7 years ago. I’d like to learn what I don’t know exists, and am hoping for more than just the apache module and configuration manuals. If I have to though that may be what I do learn from.
Joe Jensen
(402)-240-3645
Application Hosting Services
Look at the User's Guide and Howto/Tutorials parts of the documentation.
If it were me, I'd start with this:
1. Make sure you understand how httpd and Tomcat are installed on all systems you support and how updates are obtained.
2. Check the versions of the software and confirm that they are supported branches (e.g., 2.2.x or 2.4.x for httpd, whatever is currently supported for Tomcat).
3. See how old the exact versions are (e.g., 2.2.15), and if they are relatively old then ensure that you are getting updates regularly from a vendor (e.g., Linux vendor) which applies security fixes to old versions.
If there's a problem already (unsupported, vulnerable versions), work with your team to find out how to deal with it. You may end up looking through CHANGES logs for vulnerabilities and crossing out the ones in modules that aren't used in your configuration, and then seeing what is a potential concern.
4-98. (stuff I can't think of at the moment)
99. Try to identify the most common or most important use of httpd in your environment (e.g., front-end to Tomcat) and get a fresh VM and set up httpd with a sample application (or static site) that requires similar configuration features. Use that to play around and experiment with things in the product documentation. Even if you won't use a particular feature in production, the experimentation gives you more insight into how the server can be configured.
--
Born in Roswell... married an alien...
http://emptyhammock.com/
|