Topic: upgradeapache on sme 4.12

[hanscees]

hi,
this topic wascovered abit in 'blades are dangeous' (they are not by the way), but nobody is going to find it there.

My question is howto upgrade apache on a sme 4.12 server (without updating to 5.12 because that os too risky in one step).

Dan brown sais to use the rpm's of rpms.arvin.dk. But both rpm's (for redgat 7.1 amd 6.2) fail due to dependencies:

[root@e-smith apacheupdate]# rpm -Uhv apache-1.3.26-3.arvin.rh6.2.i586.rpm
error: failed dependencies:
        libexpat.so.0   is needed by apache-1.3.26-3.arvin.rh6.2
        libmm.so.1   is needed by apache-1.3.26-3.arvin.rh6.2
        apache = 1.3.14-3 is needed by mod_ssl-2.7.1-3
[root@e-smith apacheupdate]#
[root@e-smith apacheupdate]# cd rh71
[root@e-smith rh71]# ls
apache-1.3.26-3.arvin.rh7.1.i686.rpm
apache-manual-1.3.26-3.arvin.rh7.1.i686.rpm
mod_ssl-2.8.10-2.arvin.rh7.1.i586.rpm
[root@e-smith rh71]# rpm -uhv apache-1.3.26-3.arvin.rh7.1.i686.rpm
error: -u and --uninstall are deprecated and no longer work.
error: Use -e or --erase instead.
[root@e-smith rh71]# rpm -Uhv apache-1.3.26-3.arvin.rh7.1.i686.rpm
error: failed dependencies:
        libexpat.so.0   is needed by apache-1.3.26-3.arvin.rh7.1
        libmm.so.11   is needed by apache-1.3.26-3.arvin.rh7.1
        apache = 1.3.14-3 is needed by mod_ssl-2.7.1-3
[root@e-smith rh71]#
\
So what do I do now??

hc

[hanscees]

OK, I will answer it myself for those out there that are as lazy and conservative like me and use 4,12
I got my server to work fine with multiple virtual domains and thus ibays.
go to rpms.arvin.dk and get some rpm's. Install like this:


[root@e-smith apacheupdate]# ls
apache-1.3.26-3.arvin.rh6.2.i586.rpm         mm-1.1.3-
9.arvin.rh6.2.i586.rpm
apache-manual-1.3.26-3.arvin.rh6.2.i586.rpm  mod_ssl-2.8.10-
2.arvin.rh6.2.i586.rpm
expat-1.95.2-1.arvin.rh6.2.i586.rpm          rh71
[root@e-smith apacheupdate]# rpm -Uhv mm-1.1.3-
9.arvin.rh6.2.i586.rpm
mm                          
##################################################
[root@e-smith apacheupdate]# rpm -Uhv expat-1.95.2-
1.arvin.rh6.2.i586.rpm
expat                      
##################################################
[root@e-smith apacheupdate]# rpm -Uhv mod_ssl-2.8.10-
2.arvin.rh6.2.i586.rpm
mod_ssl                    
##################################################
[root@e-smith apacheupdate]# rpm -Uhv apache-1
error: cannot open file apache-1: No such file or directory
[root@e-smith apacheupdate]# rpm -Uhv apache-1.3.26-
3.arvin.rh6.2.i586.rpm
warning: /etc/httpd/conf/httpd.conf created as
/etc/httpd/conf/httpd.conf.rpmnew
apache                      
##################################################
cannot remove /var/www/icons - directory not empty
cannot remove /var/www/html - directory not empty
cannot remove /var/www/cgi-bin - directory not empty
cannot remove /var/www - directory not empty
[root@e-smith apacheupdate]#

[Nathan Fowler]

Don't forget to:
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/etc/rc.d/init.d/httpd restart
/etc/rc.d/init.d/httpd-admin restart

hanscees you may also want to upgrade your SSH at this time using http://rpms.arvin.dk, there is a post somewhere on here about the procedures.
Nathan

[hanscees]

thanks! Just done that!

I do not permit ssh external, so I will skip that. I will upgrade shortly anyway.

hc

[Peter Hollandare]

"I do not permit ssh external, so I will skip that. I will upgrade shortly anyway."

hanscees :

That doesnt mather, if you permit ssh or not, people (hackers), can still get root-access.

Only thing to do in this case is :

1. Turn off SSH *complete* (both external, internal).
2. Upgrade to latest SSH

[Dan Brown]

Peter, how can a remote attacker exploit an sshd vulnerability if the packet filter's dropping the packets before they get to sshd?

[Peter Hollandare]

By spoofing?

[Nathan Fowler]

It doesn't work that way, but for the sake of creating a 30+ thread lets just drop it