httpd2@xxxxxxxxxxxx wrote:
Some interesting points William.Could Sun/HP/IBM/RedHat develop a curriculum/certification for complete server administration, including Apache? I suspect they not only could, but currently do have some credentials around Server Administration - which must include dns, sendmail, httpd and the dozens of other services which must be locked down.Well, I thought a 'real' apache web server was supposed to be a dedicated machine, not running other services that you mention above.
Certainly I would prefer seperate boxes, or seperate VM's, in any production environment...
So that would imply a minimal system, only running the Apache daemon, and nothing else that is not required to support the web server. This machine would be made as secure as possible, and regular security updates applied.
None the less, you can't do that without intimate knowledge of the specific operating system you deploy httpd on. Do ACL's apply? Does SELinux lockdown apply? Does chroot apply? You can't seperate the security, performance, robustness of httpd from the operating system it's deployed to, which is why I suggest that stand-alone httpd certification would be somewhat useless. Also consider that HOW httpd is deployed, locations of logs, access control/htpasswd files, content, etc. along with scripting languages and how those are deployed is all part and parcel with how the OS vendor distributes Apache httpd, if using the vendor's distribution. Believe me, I've landed in plenty of Apache distributions by OS vendors and become completely lost in the 'mess' they created :-) Bill --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|