Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

[Christian Hammers <ch@lathspell.de>]

Hello Rhesa

On Tue, Jul 27, 2004 at 01:01:10PM +0200, Rhesa Rozendaal wrote:
> In my case, the frontend handles SSL connections. Its config file is 
> /etc/apache/ht-light.conf.
> The backend instance uses the original filename /etc/apache/httpd.conf.
> The frontend is already bound to port 443. The backend tried to restart, 
> but now has a load mod_ssl line, and can't start. And now our 
> application won't run...
Oh, come on, if you "apt-get install" the Apache SSL module then you
really can expect it to actually get installed in the httpd.conf :-)
(Otherwise hundrets of normal users would complain that SSL does not 
work although they "installed" it. So at least in my opinion the
behaviour is ok as special configs will always need attention)
 
> Mind you, the downtime ws limmited to some 5 hours, while it was night 
> in the USA, so there's hardly any damage done wrt our customers. There's 
If you run service for customers you should really install some kind of
watchdog on a different machine that monitors your servers and can
contact you by mail/SMS/phonering...
Also I would recommend you to try using RCS for these kind of config
files so you can review changes and/or keep the files readonly.

> Rhesa Rozendaal
bye,

-christian-