httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: [users@httpd] Apache Administrator qualification
Date Sat, 14 Jan 2006 20:03:03 GMT
httpd2@karsites.net wrote:
> Some interesting points William.
> 
>>Could Sun/HP/IBM/RedHat develop a curriculum/certification 
>>for complete server administration, including Apache?  I 
>>suspect they not only could, but currently do have some 
>>credentials around Server Administration - which must 
>>include dns, sendmail, httpd and the dozens of other 
>>services which must be locked down.
> 
> Well, I thought a 'real' apache web server was supposed to 
> be a dedicated machine, not running other services that you 
> mention above.

Certainly I would prefer seperate boxes, or seperate VM's, in any production
environment...

> So that would imply a minimal system, only running the 
> Apache daemon, and nothing else that is not required to 
> support the web server. This machine would be made as secure 
> as possible, and regular security updates applied.

None the less, you can't do that without intimate knowledge of the specific
operating system you deploy httpd on.  Do ACL's apply?  Does SELinux lockdown
apply?  Does chroot apply?

You can't seperate the security, performance, robustness of httpd from the
operating system it's deployed to, which is why I suggest that stand-alone
httpd certification would be somewhat useless.  Also consider that HOW httpd
is deployed, locations of logs, access control/htpasswd files, content, etc.
along with scripting languages and how those are deployed is all part and
parcel with how the OS vendor distributes Apache httpd, if using the vendor's
distribution.

Believe me, I've landed in plenty of Apache distributions by OS vendors and
become completely lost in the 'mess' they created :-)

Bill

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message