Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

[Adam ENDRODI <borso@vekoll.saturnus.vein.hu>]

On Tue, Jul 27, 2004 at 01:42:19PM +0200, Christian Hammers wrote:
> 
> On Tue, Jul 27, 2004 at 01:01:10PM +0200, Rhesa Rozendaal wrote:
> > In my case, the frontend handles SSL connections. Its config file is 
> > /etc/apache/ht-light.conf.
> > The backend instance uses the original filename /etc/apache/httpd.conf.
> > The frontend is already bound to port 443. The backend tried to restart, 
> > but now has a load mod_ssl line, and can't start. And now our 
> > application won't run...
> Oh, come on, if you "apt-get install" the Apache SSL module then you
> really can expect it to actually get installed in the httpd.conf :-)

Depends on you taste.  For me, I'd rather upgrade scripts did not
mess with my config files, which I have (well, I'm supposed to have)
crafted carefully.  The same goes for automatic service restarts.
Don't take it as a complaint.

> > Mind you, the downtime ws limmited to some 5 hours, while it was night 
> > in the USA, so there's hardly any damage done wrt our customers. There's 
> If you run service for customers you should really install some kind of
> watchdog on a different machine that monitors your servers and can
> contact you by mail/SMS/phonering...

Could you recommend some *simple*, yet effective stuff? I'm tired
of coding up dirty are-you-alive? scripts..

> Also I would recommend you to try using RCS for these kind of config
> files so you can review changes and/or keep the files readonly.

darcs power :)

bit,
adam

-- 
Am I a cleric?     | 1024D/37B8D989
Or maybe a sinner? | 954B 998A E5F5 BA2A 3622
Unbeliever?        | 82DD 54C2 843D 37B8 D989
Renegade?          | http://sks.dnsalias.net