Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities
On Tue, Jul 27, 2004 at 01:42:19PM +0200, Christian Hammers wrote:
>
> On Tue, Jul 27, 2004 at 01:01:10PM +0200, Rhesa Rozendaal wrote:
> > In my case, the frontend handles SSL connections. Its config file is
> > /etc/apache/ht-light.conf.
> > The backend instance uses the original filename /etc/apache/httpd.conf.
> > The frontend is already bound to port 443. The backend tried to restart,
> > but now has a load mod_ssl line, and can't start. And now our
> > application won't run...
> Oh, come on, if you "apt-get install" the Apache SSL module then you
> really can expect it to actually get installed in the httpd.conf :-)
Depends on you taste. For me, I'd rather upgrade scripts did not
mess with my config files, which I have (well, I'm supposed to have)
crafted carefully. The same goes for automatic service restarts.
Don't take it as a complaint.
> > Mind you, the downtime ws limmited to some 5 hours, while it was night
> > in the USA, so there's hardly any damage done wrt our customers. There's
> If you run service for customers you should really install some kind of
> watchdog on a different machine that monitors your servers and can
> contact you by mail/SMS/phonering...
Could you recommend some *simple*, yet effective stuff? I'm tired
of coding up dirty are-you-alive? scripts..
> Also I would recommend you to try using RCS for these kind of config
> files so you can review changes and/or keep the files readonly.
darcs power :)
bit,
adam
--
Am I a cleric? | 1024D/37B8D989
Or maybe a sinner? | 954B 998A E5F5 BA2A 3622
Unbeliever? | 82DD 54C2 843D 37B8 D989
Renegade? | http://sks.dnsalias.net
Reply to: