Upgrading Apache to 2.2.6 on Solaris 7

I needed to update the version of Apache on a Sun SPARC/Solaris 7 system to version 2.2.6. Upgrading required openssl version 0.9.8k. I checked the version of openssl currently on the system.

# /usr/local/ssl/bin/openssl version
OpenSSL 0.9.8j 07 Jan 2009

I downloaded openssl-0.9.8k-sol7-sparc-local.gz and installed it.

# gunzip openssl-0.9.8k-sol7-sparc-local.gz
# pkgadd -d openssl-0.9.8k-sol7-sparc-local

The following packages are available:
  1  SMCossl     openssl
                 (sparc) 0.9.8k

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1
<text snipped>
[ verifying class <none> ]

Installation of <SMCossl> was successful.
# /usr/local/ssl/bin/openssl version
OpenSSL 0.9.8k 25 Mar 2009

After backing up the Apache configuration file, /usr/local/apache2/conf/httpd.conf, I then installed the updated version of Apache.

# gunzip apache-2.2.6-sol7-sparc-local.gz
# pkgadd -d apache-2.2.6-sol7-sparc-local

The following packages are available:
  1  SMCap226     apache
                  (sparc) 2.2.6

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1

Processing package instance <SMCap226> from </home/jsmith/apache-2.2.6-sol7-sparc-local>

(sparc) 2.2.6
The Apache Group
Using </usr/local> as the package base directory.
## Processing package information.
## Processing system information.
   35 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.

The following files are already installed on the system and are being
used by another package:
* /usr/local/apache2 <attribute change only>
* /usr/local/apache2/conf/httpd.conf
<text snipped>

* - conflict with a file which does not belong to any package.

Do you want to install these conflicting files [y,n,?,q] y
## Checking for setuid/setgid programs.

Installing apache as <SMCap226>

## Installing part 1 of 1.
<text snipped>
[ verifying class <none> ]

Installation of <SMCap226> was successful.

Since the installation procedure overwrote the existing Apache configuration file httpd.conf in which I had the virtual hosts on the server defined, after first saving a copy of the newly installed httpd.conf file, I restored the httpd.conf from the backup I made of the file prior to upgrading Apache to version 2.2.6. I then tried to restart the Apache webserver with apachectl restart, but got an error message:

# /usr/local/apache2/bin/apachectl restart
httpd: Syntax error on line 219 of /usr/local/apache2/conf/httpd.conf: API modul
e structure 'access_module' in file /usr/local/apache2/modules/mod_access.so is 
garbled - expected signature 41503232 but saw 41503230 - perhaps this is not an 
Apache module DSO, or was compiled for a different Apache version?

I checked the compiled in modules and the version of Apache.

# /usr/local/apache2/bin/httpd -l
Compiled in modules:
# /usr/local/apache2/bin/httd -v
/usr/local/apache2/bin/httd: not found
# /usr/local/apache2/bin/httpd -v
Server version: Apache/2.2.6 (Unix)
Server built:   Nov 29 2007 04:50:40

Checking on the problem, I found the following at Upgrading to httpd 2.2.6 on RHEL and CentOS:

mod_access does not exist in Apache 2.2.
Therefore you are using an incorrect .conf file or more likely, you have copied all of the old modules from the old config file into the new one that you just renamed.

If you did do that, then a lot of the old modules do not work.

Instead, the Apache 2.2 config file uses modules like:

LoadModule auth_basic_module modules/mod_auth_basic.so

You did back up the new conf file before you changed it, didn't you?!

When I looked in the /usr/local/apache2/modules directory, I saw that the mod_access.so file had an August 26, 2006 date, which indicated the module was for the prior 2.0.59 version of Apache rather than the new 2.2.6 version. The modules for the new version had a November 30, 2007 date.

# ls -l /usr/local/apache2/modules
total 3732
-rw-r--r--   1 bin      bin         8951 Nov 30  2007 httpd.exp
-rwxr-xr-x   1 bin      bin        68652 Aug 26  2006 mod_access.so
-rwxr-xr-x   1 bin      bin        10356 Nov 30  2007 mod_actions.so
-rwxr-xr-x   1 bin      bin        14772 Nov 30  2007 mod_alias.so
-rwxr-xr-x   1 bin      bin         9488 Nov 30  2007 mod_asis.so
-rwxr-xr-x   1 bin      bin        75356 Aug 26  2006 mod_auth.so
-rwxr-xr-x   1 bin      bin        70272 Aug 26  2006 mod_auth_anon.so
-rwxr-xr-x   1 bin      bin        11684 Nov 30  2007 mod_auth_basic.so
-rwxr-xr-x   1 bin      bin        74552 Aug 26  2006 mod_auth_dbm.so
-rwxr-xr-x   1 bin      bin        34700 Nov 30  2007 mod_auth_digest.so
-rwxr-xr-x   1 bin      bin         9560 Nov 30  2007 mod_authn_anon.so
-rwxr-xr-x   1 bin      bin        10728 Nov 30  2007 mod_authn_dbd.so
-rwxr-xr-x   1 bin      bin         9784 Nov 30  2007 mod_authn_dbm.so
-rwxr-xr-x   1 bin      bin         8420 Nov 30  2007 mod_authn_default.so
-rwxr-xr-x   1 bin      bin         9476 Nov 30  2007 mod_authn_file.so
-rwxr-xr-x   1 bin      bin        11760 Nov 30  2007 mod_authz_dbm.so
-rwxr-xr-x   1 bin      bin         8120 Nov 30  2007 mod_authz_default.so
-rwxr-xr-x   1 bin      bin        13004 Nov 30  2007 mod_authz_groupfile.so
-rwxr-xr-x   1 bin      bin        11388 Nov 30  2007 mod_authz_host.so
-rwxr-xr-x   1 bin      bin        10296 Nov 30  2007 mod_authz_owner.so
-rwxr-xr-x   1 bin      bin         8880 Nov 30  2007 mod_authz_user.so
-rwxr-xr-x   1 bin      bin        42260 Nov 30  2007 mod_autoindex.so
-rwxr-xr-x   1 bin      bin        11228 Nov 30  2007 mod_cern_meta.so
-rwxr-xr-x   1 bin      bin        29640 Nov 30  2007 mod_cgi.so
-rwxr-xr-x   1 bin      bin       107080 Nov 30  2007 mod_dav.so
-rwxr-xr-x   1 bin      bin        51212 Nov 30  2007 mod_dav_fs.so
-rwxr-xr-x   1 bin      bin        20152 Nov 30  2007 mod_dbd.so
-rwxr-xr-x   1 bin      bin        24104 Nov 30  2007 mod_deflate.so
-rwxr-xr-x   1 bin      bin        10032 Nov 30  2007 mod_dir.so
-rwxr-xr-x   1 bin      bin        12744 Nov 30  2007 mod_dumpio.so
-rwxr-xr-x   1 bin      bin         9264 Nov 30  2007 mod_env.so
-rwxr-xr-x   1 bin      bin        14072 Nov 30  2007 mod_expires.so
-rwxr-xr-x   1 bin      bin        24444 Nov 30  2007 mod_ext_filter.so
-rwxr-xr-x   1 bin      bin        18424 Nov 30  2007 mod_filter.so
-rwxr-xr-x   1 bin      bin        19744 Nov 30  2007 mod_headers.so
-rwxr-xr-x   1 bin      bin        11172 Nov 30  2007 mod_ident.so
-rwxr-xr-x   1 bin      bin        20176 Nov 30  2007 mod_imagemap.so
-rwxr-xr-x   1 bin      bin        88328 Aug 26  2006 mod_imap.so
-rwxr-xr-x   1 bin      bin        46304 Nov 30  2007 mod_include.so
-rwxr-xr-x   1 bin      bin        25208 Nov 30  2007 mod_info.so
-rwxr-xr-x   1 bin      bin        29116 Nov 30  2007 mod_log_config.so
-rwxr-xr-x   1 bin      bin        12552 Nov 30  2007 mod_log_forensic.so
-rwxr-xr-x   1 bin      bin        10008 Nov 30  2007 mod_logio.so
-rwxr-xr-x   1 bin      bin        19896 Nov 30  2007 mod_mime.so
-rwxr-xr-x   1 bin      bin        26972 Nov 30  2007 mod_mime_magic.so
-rwxr-xr-x   1 bin      bin        39088 Nov 30  2007 mod_negotiation.so
-rwxr-xr-x   1 bin      bin        83176 Nov 30  2007 mod_proxy.so
-rwxr-xr-x   1 bin      bin        40292 Nov 30  2007 mod_proxy_ajp.so
-rwxr-xr-x   1 bin      bin        31504 Nov 30  2007 mod_proxy_balancer.so
-rwxr-xr-x   1 bin      bin        12276 Nov 30  2007 mod_proxy_connect.so
-rwxr-xr-x   1 bin      bin        40000 Nov 30  2007 mod_proxy_ftp.so
-rwxr-xr-x   1 bin      bin        35400 Nov 30  2007 mod_proxy_http.so
-rwxr-xr-x   1 bin      bin        72840 Nov 30  2007 mod_rewrite.so
-rwxr-xr-x   1 bin      bin        13784 Nov 30  2007 mod_setenvif.so
-rwxr-xr-x   1 bin      bin        14380 Nov 30  2007 mod_speling.so
-rwxr-xr-x   1 bin      bin       205204 Nov 30  2007 mod_ssl.so
-rwxr-xr-x   1 bin      bin        27384 Nov 30  2007 mod_status.so
-rwxr-xr-x   1 bin      bin        10068 Nov 30  2007 mod_unique_id.so
-rwxr-xr-x   1 bin      bin        11048 Nov 30  2007 mod_userdir.so
-rwxr-xr-x   1 bin      bin        15188 Nov 30  2007 mod_usertrack.so
-rwxr-xr-x   1 bin      bin        10136 Nov 30  2007 mod_version.so
-rwxr-xr-x   1 bin      bin        12740 Nov 30  2007 mod_vhost_alias.so
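
The two signatures in the error message and the stale 2006 files in this listing can be checked mechanically. The script below is an added example, not part of the original post: it decodes the magic cookies from the error and flags LoadModule lines in an old httpd.conf that name modules Apache 2.2 renamed or split. The sample configuration is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post).

# Decode a module magic cookie from the "garbled" error into ASCII.
decode_magic() {
    hex=$1
    out=
    while [ -n "$hex" ]; do
        byte=$(printf '%s' "$hex" | cut -c1-2)   # next two hex digits
        hex=$(printf '%s' "$hex" | cut -c3-)
        out="$out$(printf "\\$(printf '%03o' "0x$byte")")"
    done
    printf '%s\n' "$out"
}

# Apache 2.0 module file -> Apache 2.2 replacement(s); prints nothing if unchanged.
replacement_for() {
    case $1 in
        mod_access.so)    echo "mod_authz_host.so" ;;
        mod_auth.so)      echo "mod_auth_basic.so mod_authn_file.so mod_authz_user.so mod_authz_groupfile.so" ;;
        mod_auth_anon.so) echo "mod_authn_anon.so" ;;
        mod_auth_dbm.so)  echo "mod_authn_dbm.so mod_authz_dbm.so" ;;
        mod_imap.so)      echo "mod_imagemap.so" ;;
    esac
}

# Read an httpd.conf on stdin and report each LoadModule line naming a 2.0-only module.
audit_loadmodules() {
    awk '$1 == "LoadModule" { n = split($3, p, "/"); print NR, p[n] }' |
    while read -r lineno so; do
        new=$(replacement_for "$so")
        if [ -n "$new" ]; then
            echo "line $lineno: $so -> $new"
        fi
    done
}

# Constructed sample in the style of a 2.0.59 httpd.conf.
sample_conf() {
cat <<'EOF'
# Dynamic Shared Object (DSO) Support
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule alias_module modules/mod_alias.so
LoadModule imap_module modules/mod_imap.so
EOF
}

decode_magic 41503232
decode_magic 41503230
sample_conf | audit_loadmodules
```

Every replacement named in the mapping appears in the listing above with the November 30, 2007 date, while the five old names carry the August 26, 2006 date.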

Examining the httpd.conf file that was created when I upgraded to the 2.2.6 version of Apache, I saw that it was quite different. It had the following lines in it.

# Virtual hosts
#Include conf/extra/httpd-vhosts.conf

At Creating virtual hosts on Apache 2.2, I found the following:

Apache 2.2 adopts a modular approach to its main configuration file, httpd.conf. Although you can still put everything in the one big file, it's more efficient to use external files, and include only those that you need to implement. Consequently, it's no longer recommended to define virtual hosts at the bottom of httpd.conf. Instead, you include an external file called httpd-vhosts.conf.

I removed the # from the beginning of the Include conf/extra/httpd-vhosts.conf line in /usr/local/apache2/conf/httpd.conf. I then added the virtual hosts sections from the end of the httpd.conf file I had used with Apache 2.0.59 to the /usr/local/apache2/conf/extra/httpd-vhosts.conf file.

I tried restarting Apache, but saw a warning message:

# /usr/local/apache2/bin/apachectl restart
[Mon Jun 22 22:27:42 2009] [warn] NameVirtualHost *:80 has no VirtualHosts

In httpd.conf, I placed my email address in the ServerAdmin line in that file. I also removed the # from the beginning of the #ServerName www.example.com:80 line and specified the actual server name instead of www.example.com:80.

In /usr/local/apache2/conf/extra/httpd-ssl.conf, I removed the pound signs from the beginning of the SSLRandomSeed lines.

# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup file:/dev/random  512
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/random  512
SSLRandomSeed connect file:/dev/urandom 512

I tried to restart Apache, but got the following error message:

# /usr/local/apache2/bin/apachectl restart
Syntax error on line 24 of /usr/local/apache2/conf/extra/httpd-ssl.conf:
SSLRandomSeed: source path '/dev/random' does not exist
httpd not running, trying to start

This system is a Solaris 7 system, but apparently the absence of the /dev/random file can be a problem on at least some HP-UX systems as well as Solaris systems, according to no /dev/random on HP-UX.

According to the /dev/random article on Wikipedia, the /dev/random file "is a special file that serves as a true random number generator or as a pseudorandom number generator. It allows access to environmental noise collected from device drivers and other sources. Not all operating systems implement the same semantics for /dev/random. Linux was the first operating system to implement a true random number generator in this way."

At SUMMARY of Solaris random gatherer options (long), I found options listed for generating random or pseudo random data for entropy. In addition to other options, the posting mentioned a patch available from Sun that would create /dev/random.

2. /dev/random as provided by Sun package SUNWski

This software was developed by Sun as part of the unbundled product Sun Webserver 2.0 on the Solaris Easy Access Server 3.0 CD. This product was supported for Solaris 2.6 and 7, but not 8 (because Sun is now using Apache or Netscape's web server). However, the SUNWski package still works fine on Solaris 8, provides entropy much faster than egd (it's a daemon written in C) and was reviewed to provide high quality entropy:

At A brief history of /dev/random in Solaris, I found "A /dev/random interface for Solaris first appeared as part of the unbundled SUNWski package in Solaris 7. /dev/random in SUNWski is actually implemented as a named pipe which was written to by a daemon process. A named pipe made sense because it was all done in user land. Starting from Solaris 9, /dev/random and /dev/urandom became device nodes since a kernel-based implementation was done."

I found information on the SUNWski patch at Sun WebServer 1.0: Security and Preformance international Patch. I tried to download the SUNWski patch from Sun's website, but received the message "Our records are showing that you only have access to public content. A valid service contract is required to access restricted content." At the bottom of the webpage I saw "Contract number is required to access restricted content and patches."

Since I couldn't download the SUNWski patch, I decided to use another option suggested at SUMMARY of Solaris random gatherer options (long), which was option 3, "/dev/random and /dev/urandom by Andreas Maier".

# umask 022
# pkgadd -d -d ANDIrand-0.7-5.7-sparc-1.pkg
pkgadd: ERROR: attempt to process datastream failed
    - open of <-d> failed, errno=2
pkgadd: ERROR: could not process datastream from <-d>
# pkgadd -d ANDIrand-0.7-5.7-sparc-1.pkg

The following packages are available:
  1  ANDIrand     random-0.7
                  (sparc) 0.7

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1

Processing package instance <ANDIrand> from </home/jsmith/sysadmin/ANDIrand-0.7-5.7-sparc-1

(sparc) 0.7

   random number generator

   Copyright (c) Andreas Maier, 2000. All rights reserved.
   Andreas Maier <andi@cosy.sbg.ac.at>

   Redistribution and use in source and binary forms, with or without
   modification, are permitted provided that the following conditions
   are met:
   1. Redistributions of source code must retain the above copyright
      notice, and the entire permission notice in its entirety,
      including the disclaimer of warranties.
   2. Redistributions in binary form must reproduce the above copyright
      notice, this list of conditions and the following disclaimer in the
      documentation and/or other materials provided with the distribution.
   3. The name of the author may not be used to endorse or promote
      products derived from this software without specific prior
      written permission.

   ALTERNATIVELY, this product may be distributed under the terms of
   the GNU Public License, in which case the provisions of the GPL are
   required INSTEAD OF the above restrictions.  (This clause is
   necessary due to a potential bad interaction between the GPL and
   the restrictions contained in a BSD-style copyright.)


   package stuff by Willi Burmeister <wib@cs.uni-kiel.de>

## Executing checkinstall script.
## Processing package information.
## Processing system information.
   8 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

This package contains scripts which will be executed with super-user
permission during the process of installing this package.

Do you want to continue with the installation of <ANDIrand> [y,n,?] y

Installing random-0.7 as <ANDIrand>

## Installing part 1 of 1.
[ verifying class <none>]
/etc/rc0.d/K50random <linked pathname>
/etc/rc2.d/S60random <linked pathname>
Modifying /etc/devlink.tab
[ verifying class <sed> ]
[ verifying class <km64> ]
## Executing postinstall script.
Initializing random number generator...

Installation of <ANDIrand> was successful.

After the installation completed, I found /dev/random and /dev/urandom on the system.

# ls -l /dev/*random
lrwxrwxrwx   1 root     other         33 Jun 23 15:59 /dev/random -> ../devices/
lrwxrwxrwx   1 root     other         34 Jun 23 15:59 /dev/urandom -> ../devices

When I then tried starting Apache again, I saw the following error message:

# /usr/local/apache2/bin/apachectl start
Syntax error on line 99 of /usr/local/apache2/conf/extra/httpd-ssl.conf:
SSLCertificateFile: file '/usr/local/apache2/conf/server.crt' does not exist or 
is empty

After first making a backup of the file, I then removed the VirtualHost section from /usr/local/apache2/conf/extra/httpd-ssl.conf, i.e. everything from <VirtualHost _default_:443> to </VirtualHost>. For those virtual hosts for which I was using SSL support, I left the VirtualHost blocks I had in the httpd.conf file for version 2.0.59 of Apache in httpd-vhosts.conf.

When I then tried starting Apache again, I saw the message below, although the Apache server did start. However, when I tried accessing one of the websites, I got a message "You don't have permission to access / on this server."

# /usr/local/apache2/bin/apachectl start
[Tue Jun 23 16:29:30 2009] [warn] NameVirtualHost *:80 has no VirtualHosts

I removed the :80 from the end of the NameVirtualHost *:80 line in httpd-vhosts.conf and restarted Apache. I didn't get the warning message then when I restarted Apache, but I still got the same "You don't have permission to access / on this server." message when I tried accessing any of the websites on the server.

When I looked in the transfer file for websites, I saw entries such as the following: - - [23/Jun/2009:16:36:21 -0400] "GET / HTTP/1.1" 403 202

In httpd.conf, I found the following:

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

In my 2.0.59 httpd.conf file, I had the following:

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

I changed the Deny from all line to Allow from all and restarted Apache. I was then able to access the default website on the server, but not other websites.
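
The httpd.conf shipped with Apache 2.2 keeps Deny from all on <Directory /> and grants access in a separate <Directory> block for each document root. The check below is an added example, not part of the original post: it reports the effective policy of the <Directory /> block and runs against the edited form and a constructed per-document-root form. The function names and the htdocs path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).

# Read an httpd.conf on stdin; print the policy set inside <Directory />.
root_policy() {
    awk '
        tolower($1) == "<directory" && ($2 == "/>" || $2 == "\"/\">") { inroot = 1; next }
        inroot && tolower($1) == "</directory>" { inroot = 0 }
        inroot && tolower($1) == "order" { order = tolower($2) }
        inroot && tolower($1) == "deny"  && tolower($3) == "all" { deny = 1 }
        inroot && tolower($1) == "allow" && tolower($3) == "all" { allow = 1 }
        END {
            # With both directives present, the Order line decides which one wins.
            if (allow && deny) print (order == "allow,deny" ? "closed" : "open")
            else if (allow)    print "open"
            else if (deny)     print "closed"
            else               print (order == "allow,deny" ? "closed" : "open-by-default")
        }'
}

# The root block after changing Deny from all to Allow from all.
weak_conf() {
cat <<'EOF'
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Allow from all
</Directory>
EOF
}

# Constructed alternative: root stays closed, each document root is opened.
hardened_conf() {
cat <<'EOF'
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>
# Assumed path; repeat one block per virtual host DocumentRoot.
<Directory "/usr/local/apache2/htdocs">
    Order allow,deny
    Allow from all
</Directory>
EOF
}

weak_conf | root_policy
hardened_conf | root_policy
```

A root block with neither directive, as in the 2.0.59 file, reports open-by-default because Order defaults to deny,allow.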


  1. Upgrading to httpd 2.2.6 on RHEL and CentOS
    By: Jason
    September 12, 2007
    Utter Ramblings
  2. Creating virtual hosts on Apache 2.2
    Foundation PHP-Books by David Powers
  3. /dev/random
    Wikipedia, the free encyclopedia
  4. no /dev/random on HP-UX
    Date: June 26, 1999
  5. A brief history of /dev/random in Solaris
    By: Krishna Yenduri
    Date: May 20, 2005
    Krishna Yenduri's Weblog
  6. Sun WebServer 1.0: Security and Preformance international Patch
    Update Date: Wed Dec 09 17:00:00 MST 1998
  7. Solaris /dev/random
    Andreas Maier



Created: June 23, 2009