zurek Posted March 12, 2012 Share Posted March 12, 2012 My friend told me that recently Apache Server have a securiy bug. He told me that after upgrade, some of the config files has been reset to default state, which reduced level of security. Unfortunately I couldn't find any information about this. It is true, or my friend lied to me? If this is true then where can I read more about it. Quote Link to comment Share on other sites More sharing options...
hexophrenic Posted March 12, 2012 Share Posted March 12, 2012 It would depend. Did existing configuration get over-written? Some distros will prompt during an upgrade to keep existing or replace with new. It would depend on how the upgrade was performed. Always have good backups and run a diff on the configuration files after upgrade to see what changed. Just a part of change/configuration management (or bad luck in some cases :) ). Quote Link to comment Share on other sites More sharing options...
Jason Cooper Posted March 13, 2012 Share Posted March 13, 2012 My friend told me that recently Apache Server have a securiy bug. He told me that after upgrade, some of the config files has been reset to default state, which reduced level of security. Most distributions have use a separate directory (conf.d, sites-available, etc) to house local config files, this helps avoid the problem of an update replacing apaches main config file an erasing all local configurations. Of course there are some people who still make all their configuration changes in apache's main config file rather than using local config files, so if it did get replaced then they would loose any changes they have made. Another big advantage of using local config files for most of your settings is that you can easily replicate security settings from one server to another by simply copying the one file, rather than cutting and pasting lines and hoping that you have got all the relevant ones. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.