As others have pointed out, as long as you're patched up, the fixes are backported.
Checkbox security is lame. I strongly recommend setting
ServerToken ProductOnly
See http://httpd.apache.org/docs/1.3/mod/core.html#servertokens for more.
It's more secure, because a script kiddie looking in netcraft for attack vectors won't find your server because it's running some version of PHP. Plus, you'll pass the 'scamalert' scans :)
On 10/5/07, Jesse Cantara <jesse_cantara@xxxxxxxxxxxx> wrote:
Hello,
I am looking for some advice on a way to update some packages to newer
releases than are available in the standard CentOS repositories.
Specifically, I am trying to update apache and PHP to conform to
"Scanalert"'s "Hacker Safe" website security scan, and the required
versions do not exist in the CentOS repositories. I'm using CentOS 5.
I wish to stay within the realm of yum, in order to avoid
RPM-dependency-heck which I have experienced before, trying to source
random third party RPMs that never work out properly. I also wish to
keep the system in a better state of maintenance by sticking to yum.
It's just more organized (and easier) and will help keep things up to
date in the future as well.
Is there any other option than to go with a 3rd party repository to
hopefully find later versions of apache and PHP? Does anybody have a
recommended repository source?
Thank you for any help and advice you can give,
-Jesse Cantara
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
