Hi,
As others have pointed out, as long as you're patched up, the fixes are
backported.
Checkbox security is lame. I strongly recommend setting
ServerToken ProductOnly
See http://httpd.apache.org/docs/1.3/mod/core.html#servertokens for more.
It's more secure, because a script kiddie looking in netcraft for attack
vectors won't find your server because it's running some version of PHP.
Plus, you'll pass the 'scamalert' scans :)
On 10/5/07, Jesse Cantara <jesse_cantara at esupport.com>
wrote:>
> Hello,
>
> I am looking for some advice on a way to update some packages to newer
> releases than are available in the standard CentOS repositories.
> Specifically, I am trying to update apache and PHP to conform to
> "Scanalert"'s "Hacker Safe" website security scan,
and the required
> versions do not exist in the CentOS repositories. I'm using CentOS 5.
>
> I wish to stay within the realm of yum, in order to avoid
> RPM-dependency-heck which I have experienced before, trying to source
> random third party RPMs that never work out properly. I also wish to
> keep the system in a better state of maintenance by sticking to yum.
> It's just more organized (and easier) and will help keep things up to
> date in the future as well.
>
> Is there any other option than to go with a 3rd party repository to
> hopefully find later versions of apache and PHP? Does anybody have a
> recommended repository source?
>
> Thank you for any help and advice you can give,
> -Jesse Cantara
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.centos.org/pipermail/centos/attachments/20071007/bd1de37e/attachment-0005.html>