1

I am facing some problems regarding Apache patches. Can someone enlighten me by pinpointing some step-by-step directions for applying patches to an Apache server in a production environment?

Skyhawk
  • 14,149
  • 3
  • 52
  • 95
newbie.my
  • 13
  • 3

2 Answers2

3

You can use yum to do this

sudo yum upgrade httpd

Will upgrade your Apache installation and it's dependencies to the latest available for your CentOS.

user9517
  • 114,104
  • 20
  • 206
  • 289
  • Sorry but I'm thinking about not using yum.Due to several problem, I want to do it by manually applying the patches.Is there any way without using yum? – newbie.my Mar 26 '12 at 09:42
  • 3
    @newbie.my: If you have to ask then you shouldn't be attempting it. Either use yum or don't do it anything else will put you in a world of difficulty. – user9517 Mar 26 '12 at 09:52
  • 1
    @newbie.my, if you're worried about security patches, take a look at, say, this post: http://serverfault.com/questions/97125/yum-doesnt-update-httpd-past-version-2-2-3-on-centos The point being, RHEL/CentOS will backport security patches to the version that's standardized on for that particular release. You do not have to apply security patches, and RHEL/CentOS will do a better job than you. – cjc Mar 26 '12 at 11:07
2

There are many different methodologies for deploying patches. As mentioned above installing httpd / php / perl / mysql via yum is one way then you can simply use yum to manage your updates. Another way is you could compile from source. This allows you a great deal more control over your update/upgrade paths and you are not reliant on someone to create a package for a zero day exploits or patches that have not been released to yum.

For our core services we typically compile from source to assure they are configured the exact way we want and we can be judicious for each update. Not to mention there is less opportunity to update/upgrade versions of by typing: # yum -y update *

Which has happened before. If you are wanting to update Apache via source it's pretty simple. Typically what we do is keep a repository of installed packages and sources in /usr/local/src/

If you still have the original source install directory you can download the version you want to upgrade to, extract it to it's own directory. Copy the config.nice over to the new install and run the config.nice and it will install/keep all the old setting. Then you just backup the src directory along with your web directory and you can redeploy or add servers pretty fast.

Here is a sample of the steps I suggested.

# cd /usr/local/src/Apache-$version
# cp ../Apache-$old-version/config.nice .
#./config.nice
# make; make install
# /etc/init.d/httpd restart

You need to decide on what version and install parameters you want to run. Make the initial install and then you have a path moving forward using the steps above. Best of luck!

J Baron
  • 338
  • 1
  • 7