I needed to update the version of Apache on a Sun SPARC/Solaris 7 system to version 2.2.6. Upgrading required openssl version 0.9.8k. I checked the version of openssl currently on the system.
# /usr/local/ssl/bin/openssl version OpenSSL 0.9.8j 07 Jan 2009
I downloaded openssl-0.9.8k-sol7-sparc-local.gz and installed it.
# gunzip openssl-0.9.8k-sol7-sparc-local.gz
# pkgadd -d openssl-0.9.8k-sol7-sparc-local
The following packages are available:
1 SMCossl openssl
(sparc) 0.9.8k
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1
<text snipped>
/usr/local/ssl/man/man3/BN_add.3
/usr/local/ssl/man/man3/BN_add_word.3
/usr/local/ssl/man/man3/BN_bn2bin.3
/usr/local/ssl/man/man3/BN_cmp.3
/usr/local/ssl/man/man3/BN_copy.3
/usr/local/ssl/man/man3/BN_generate_prime.3
/usr/local/ssl/man/man3/BN_mod_inverse.3
/usr/local/ssl/man/man3/BN_mod_mul_montgomery.3
/usr/local/ssl/man/man3/BN_mod_mul_reciprocal.3
/usr/local/ssl/man/man3/BN_new.3
/usr/local/ssl/man/man3/BN_num_bytes.3
/usr/local/ssl/man/man3/BN_rand.3
/usr/local/ssl/man/man3/BN_set_bit.3
/usr/local/ssl/man/man3/BN_swap.3
/usr/local/ssl/man/man3/BN_zero.3
/usr/local/ssl/man/man3/CONF_modules_free.3
/usr/local/ssl/man/man3/CONF_modules_load_file.3
/usr/local/ssl/man/man3/CRYPTO_set_ex_data.3
/usr/local/ssl/man/man3/DH_generate_key.3
/usr/local/ssl/man/man3/DH_generate_parameters.3
/usr/local/ssl/man/man3/DH_get_ex_new_index.3
/usr/local/ssl/man/man3/DH_new.3
/usr/local/ssl/man/man3/DH_set_method.3
/usr/local/ssl/man/man3/DH_size.3
/usr/local/ssl/man/man3/DSA_SIG_new.3
/usr/local/ssl/man/man3/DSA_do_sign.3
/usr/local/ssl/man/man3/DSA_dup_DH.3
/usr/local/ssl/man/man3/DSA_generate_key.3
/usr/local/ssl/man/man3/DSA_generate_parameters.3
/usr/local/ssl/man/man3/DSA_get_ex_new_index.3
/usr/local/ssl/man/man3/DSA_new.3
/usr/local/ssl/man/man3/DSA_set_method.3
/usr/local/ssl/man/man3/DSA_sign.3
/usr/local/ssl/man/man3/DSA_size.3
/usr/local/ssl/man/man3/ERR_GET_LIB.3
/usr/local/ssl/man/man3/ERR_clear_error.3
/usr/local/ssl/man/man3/ERR_error_string.3
/usr/local/ssl/man/man3/ERR_get_error.3
/usr/local/ssl/man/man3/ERR_load_crypto_strings.3
/usr/local/ssl/man/man3/ERR_load_strings.3
/usr/local/ssl/man/man3/ERR_print_errors.3
/usr/local/ssl/man/man3/ERR_put_error.3
/usr/local/ssl/man/man3/ERR_remove_state.3
/usr/local/ssl/man/man3/ERR_set_mark.3
/usr/local/ssl/man/man3/EVP_BytesToKey.3
/usr/local/ssl/man/man3/EVP_DigestInit.3
/usr/local/ssl/man/man3/EVP_EncryptInit.3
/usr/local/ssl/man/man3/EVP_OpenInit.3
/usr/local/ssl/man/man3/EVP_PKEY_new.3
/usr/local/ssl/man/man3/EVP_PKEY_set1_RSA.3
/usr/local/ssl/man/man3/EVP_SealInit.3
/usr/local/ssl/man/man3/EVP_SignInit.3
/usr/local/ssl/man/man3/EVP_VerifyInit.3
/usr/local/ssl/man/man3/OBJ_nid2obj.3
/usr/local/ssl/man/man3/OPENSSL_Applink.3
/usr/local/ssl/man/man3/OPENSSL_VERSION_NUMBER.3
/usr/local/ssl/man/man3/OPENSSL_config.3
/usr/local/ssl/man/man3/OPENSSL_ia32cap.3
/usr/local/ssl/man/man3/OPENSSL_load_builtin_modules.3
/usr/local/ssl/man/man3/OpenSSL_add_all_algorithms.3
/usr/local/ssl/man/man3/PKCS12_create.3
/usr/local/ssl/man/man3/PKCS12_parse.3
/usr/local/ssl/man/man3/PKCS7_decrypt.3
/usr/local/ssl/man/man3/PKCS7_encrypt.3
/usr/local/ssl/man/man3/PKCS7_sign.3
/usr/local/ssl/man/man3/PKCS7_verify.3
/usr/local/ssl/man/man3/RAND_add.3
/usr/local/ssl/man/man3/RAND_bytes.3
/usr/local/ssl/man/man3/RAND_cleanup.3
/usr/local/ssl/man/man3/RAND_egd.3
/usr/local/ssl/man/man3/RAND_load_file.3
/usr/local/ssl/man/man3/RAND_set_rand_method.3
/usr/local/ssl/man/man3/RSA_blinding_on.3
/usr/local/ssl/man/man3/RSA_check_key.3
/usr/local/ssl/man/man3/RSA_generate_key.3
/usr/local/ssl/man/man3/RSA_get_ex_new_index.3
/usr/local/ssl/man/man3/RSA_new.3
/usr/local/ssl/man/man3/RSA_padding_add_PKCS1_type_1.3
/usr/local/ssl/man/man3/RSA_print.3
/usr/local/ssl/man/man3/RSA_private_encrypt.3
/usr/local/ssl/man/man3/RSA_public_encrypt.3
/usr/local/ssl/man/man3/RSA_set_method.3
/usr/local/ssl/man/man3/RSA_sign.3
/usr/local/ssl/man/man3/RSA_sign_ASN1_OCTET_STRING.3
/usr/local/ssl/man/man3/RSA_size.3
/usr/local/ssl/man/man3/SMIME_read_PKCS7.3
/usr/local/ssl/man/man3/SMIME_write_PKCS7.3
/usr/local/ssl/man/man3/SSL_CIPHER_get_name.3
/usr/local/ssl/man/man3/SSL_COMP_add_compression_method.3
/usr/local/ssl/man/man3/SSL_CTX_add_extra_chain_cert.3
/usr/local/ssl/man/man3/SSL_CTX_add_session.3
/usr/local/ssl/man/man3/SSL_CTX_ctrl.3
/usr/local/ssl/man/man3/SSL_CTX_flush_sessions.3
/usr/local/ssl/man/man3/SSL_CTX_free.3
/usr/local/ssl/man/man3/SSL_CTX_get_ex_new_index.3
/usr/local/ssl/man/man3/SSL_CTX_get_verify_mode.3
/usr/local/ssl/man/man3/SSL_CTX_load_verify_locations.3
/usr/local/ssl/man/man3/SSL_CTX_new.3
/usr/local/ssl/man/man3/SSL_CTX_sess_number.3
/usr/local/ssl/man/man3/SSL_CTX_sess_set_cache_size.3
/usr/local/ssl/man/man3/SSL_CTX_sess_set_get_cb.3
/usr/local/ssl/man/man3/SSL_CTX_sessions.3
/usr/local/ssl/man/man3/SSL_CTX_set_cert_store.3
/usr/local/ssl/man/man3/SSL_CTX_set_cert_verify_callback.3
/usr/local/ssl/man/man3/SSL_CTX_set_cipher_list.3
/usr/local/ssl/man/man3/SSL_CTX_set_client_CA_list.3
/usr/local/ssl/man/man3/SSL_CTX_set_client_cert_cb.3
/usr/local/ssl/man/man3/SSL_CTX_set_default_passwd_cb.3
/usr/local/ssl/man/man3/SSL_CTX_set_generate_session_id.3
/usr/local/ssl/man/man3/SSL_CTX_set_info_callback.3
/usr/local/ssl/man/man3/SSL_CTX_set_max_cert_list.3
/usr/local/ssl/man/man3/SSL_CTX_set_mode.3
/usr/local/ssl/man/man3/SSL_CTX_set_msg_callback.3
/usr/local/ssl/man/man3/SSL_CTX_set_options.3
/usr/local/ssl/man/man3/SSL_CTX_set_quiet_shutdown.3
/usr/local/ssl/man/man3/SSL_CTX_set_session_cache_mode.3
/usr/local/ssl/man/man3/SSL_CTX_set_session_id_context.3
/usr/local/ssl/man/man3/SSL_CTX_set_ssl_version.3
/usr/local/ssl/man/man3/SSL_CTX_set_timeout.3
/usr/local/ssl/man/man3/SSL_CTX_set_tmp_dh_callback.3
/usr/local/ssl/man/man3/SSL_CTX_set_tmp_rsa_callback.3
/usr/local/ssl/man/man3/SSL_CTX_set_verify.3
/usr/local/ssl/man/man3/SSL_CTX_use_certificate.3
/usr/local/ssl/man/man3/SSL_SESSION_free.3
/usr/local/ssl/man/man3/SSL_SESSION_get_ex_new_index.3
/usr/local/ssl/man/man3/SSL_SESSION_get_time.3
/usr/local/ssl/man/man3/SSL_accept.3
/usr/local/ssl/man/man3/SSL_alert_type_string.3
/usr/local/ssl/man/man3/SSL_clear.3
/usr/local/ssl/man/man3/SSL_connect.3
/usr/local/ssl/man/man3/SSL_do_handshake.3
/usr/local/ssl/man/man3/SSL_free.3
/usr/local/ssl/man/man3/SSL_get_SSL_CTX.3
/usr/local/ssl/man/man3/SSL_get_ciphers.3
/usr/local/ssl/man/man3/SSL_get_client_CA_list.3
/usr/local/ssl/man/man3/SSL_get_current_cipher.3
/usr/local/ssl/man/man3/SSL_get_default_timeout.3
/usr/local/ssl/man/man3/SSL_get_error.3
/usr/local/ssl/man/man3/SSL_get_ex_data_X509_STORE_CTX_idx.3
/usr/local/ssl/man/man3/SSL_get_ex_new_index.3
/usr/local/ssl/man/man3/SSL_get_fd.3
/usr/local/ssl/man/man3/SSL_get_peer_cert_chain.3
/usr/local/ssl/man/man3/SSL_get_peer_certificate.3
/usr/local/ssl/man/man3/SSL_get_rbio.3
/usr/local/ssl/man/man3/SSL_get_session.3
/usr/local/ssl/man/man3/SSL_get_verify_result.3
/usr/local/ssl/man/man3/SSL_get_version.3
/usr/local/ssl/man/man3/SSL_library_init.3
/usr/local/ssl/man/man3/SSL_load_client_CA_file.3
/usr/local/ssl/man/man3/SSL_new.3
/usr/local/ssl/man/man3/SSL_pending.3
/usr/local/ssl/man/man3/SSL_read.3
/usr/local/ssl/man/man3/SSL_rstate_string.3
/usr/local/ssl/man/man3/SSL_session_reused.3
/usr/local/ssl/man/man3/SSL_set_bio.3
/usr/local/ssl/man/man3/SSL_set_connect_state.3
/usr/local/ssl/man/man3/SSL_set_fd.3
/usr/local/ssl/man/man3/SSL_set_session.3
/usr/local/ssl/man/man3/SSL_set_shutdown.3
/usr/local/ssl/man/man3/SSL_set_verify_result.3
/usr/local/ssl/man/man3/SSL_shutdown.3
/usr/local/ssl/man/man3/SSL_state_string.3
/usr/local/ssl/man/man3/SSL_want.3
/usr/local/ssl/man/man3/SSL_write.3
/usr/local/ssl/man/man3/X509_NAME_ENTRY_get_object.3
/usr/local/ssl/man/man3/X509_NAME_add_entry_by_txt.3
/usr/local/ssl/man/man3/X509_NAME_get_index_by_NID.3
/usr/local/ssl/man/man3/X509_NAME_print_ex.3
/usr/local/ssl/man/man3/X509_new.3
/usr/local/ssl/man/man3/bio.3
/usr/local/ssl/man/man3/blowfish.3
/usr/local/ssl/man/man3/bn.3
/usr/local/ssl/man/man3/bn_internal.3
/usr/local/ssl/man/man3/buffer.3
/usr/local/ssl/man/man3/crypto.3
/usr/local/ssl/man/man3/d2i_ASN1_OBJECT.3
/usr/local/ssl/man/man3/d2i_DHparams.3
/usr/local/ssl/man/man3/d2i_DSAPublicKey.3
/usr/local/ssl/man/man3/d2i_PKCS8PrivateKey.3
/usr/local/ssl/man/man3/d2i_RSAPublicKey.3
/usr/local/ssl/man/man3/d2i_SSL_SESSION.3
/usr/local/ssl/man/man3/d2i_X509.3
/usr/local/ssl/man/man3/d2i_X509_ALGOR.3
/usr/local/ssl/man/man3/d2i_X509_CRL.3
/usr/local/ssl/man/man3/d2i_X509_NAME.3
/usr/local/ssl/man/man3/d2i_X509_REQ.3
/usr/local/ssl/man/man3/d2i_X509_SIG.3
/usr/local/ssl/man/man3/des.3
/usr/local/ssl/man/man3/dh.3
/usr/local/ssl/man/man3/dsa.3
/usr/local/ssl/man/man3/ecdsa.3
/usr/local/ssl/man/man3/engine.3
/usr/local/ssl/man/man3/err.3
/usr/local/ssl/man/man3/evp.3
/usr/local/ssl/man/man3/hmac.3
/usr/local/ssl/man/man3/lh_stats.3
/usr/local/ssl/man/man3/lhash.3
/usr/local/ssl/man/man3/md5.3
/usr/local/ssl/man/man3/mdc2.3
/usr/local/ssl/man/man3/pem.3
/usr/local/ssl/man/man3/rand.3
/usr/local/ssl/man/man3/rc4.3
/usr/local/ssl/man/man3/ripemd.3
/usr/local/ssl/man/man3/rsa.3
/usr/local/ssl/man/man3/sha.3
/usr/local/ssl/man/man3/ssl.3
/usr/local/ssl/man/man3/threads.3
/usr/local/ssl/man/man3/ui.3
/usr/local/ssl/man/man3/ui_compat.3
/usr/local/ssl/man/man3/x509.3
/usr/local/ssl/man/man5/config.5
/usr/local/ssl/man/man5/x509v3_config.5
/usr/local/ssl/man/man7/des_modes.7
/usr/local/ssl/misc/CA.pl
/usr/local/ssl/misc/CA.sh
/usr/local/ssl/misc/c_hash
/usr/local/ssl/misc/c_info
/usr/local/ssl/misc/c_issuer
/usr/local/ssl/misc/c_name
/usr/local/ssl/openssl.cnf
[ verifying class <none> ]
Installation of <SMCossl> was successful.
# /usr/local/ssl/bin/openssl version
OpenSSL 0.9.8k 25 Mar 2009After backing up the Apache configuration file,
/usr/local/apache2/conf/httpd.conf, I then installed the updated
version of Apache.
# gunzip apache-2.2.6-sol7-sparc-local.gz
# pkgadd -d apache-2.2.6-sol7-sparc-local
The following packages are available:
1 SMCap226 apache
(sparc) 2.2.6
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1
Processing package instance <SMCap226> from </home/jsmith/apache-2.2.6-sol7-sparc-local>
apache
(sparc) 2.2.6
The Apache Group
Using </usr/local> as the package base directory.
## Processing package information.
## Processing system information.
35 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
The following files are already installed on the system and are being
used by another package:
* /usr/local/apache2 <attribute change only>
/usr/local/apache2/bin/ab
/usr/local/apache2/bin/apachectl
/usr/local/apache2/bin/apxs
/usr/local/apache2/bin/checkgid
/usr/local/apache2/bin/dbmmanage
/usr/local/apache2/bin/envvars
/usr/local/apache2/bin/envvars-std
/usr/local/apache2/bin/htdbm
/usr/local/apache2/bin/htdigest
/usr/local/apache2/bin/htpasswd
/usr/local/apache2/bin/httpd
/usr/local/apache2/bin/httxt2dbm
/usr/local/apache2/bin/logresolve
/usr/local/apache2/bin/rotatelogs
/usr/local/apache2/build/apr_rules.mk
/usr/local/apache2/build/config.nice
/usr/local/apache2/build/config_vars.mk
/usr/local/apache2/build/instdso.sh
/usr/local/apache2/build/library.mk
/usr/local/apache2/build/libtool
/usr/local/apache2/build/ltlib.mk
/usr/local/apache2/build/make_exports.awk
/usr/local/apache2/build/make_var_export.awk
/usr/local/apache2/build/mkdir.sh
/usr/local/apache2/build/program.mk
/usr/local/apache2/build/rules.mk
/usr/local/apache2/build/special.mk
/usr/local/apache2/cgi-bin/printenv
/usr/local/apache2/cgi-bin/test-cgi
* /usr/local/apache2/conf/httpd.conf
/usr/local/apache2/conf/magic
/usr/local/apache2/conf/mime.types
/usr/local/apache2/error/HTTP_BAD_GATEWAY.html.var
/usr/local/apache2/error/HTTP_BAD_REQUEST.html.var
/usr/local/apache2/error/HTTP_FORBIDDEN.html.var
/usr/local/apache2/error/HTTP_GONE.html.var
/usr/local/apache2/error/HTTP_INTERNAL_SERVER_ERROR.html.var
/usr/local/apache2/error/HTTP_LENGTH_REQUIRED.html.var
<text snipped>
/usr/local/apache2/modules/mod_proxy_ftp.so
/usr/local/apache2/modules/mod_proxy_http.so
/usr/local/apache2/modules/mod_rewrite.so
/usr/local/apache2/modules/mod_setenvif.so
/usr/local/apache2/modules/mod_speling.so
/usr/local/apache2/modules/mod_ssl.so
/usr/local/apache2/modules/mod_status.so
/usr/local/apache2/modules/mod_unique_id.so
/usr/local/apache2/modules/mod_userdir.so
/usr/local/apache2/modules/mod_usertrack.so
/usr/local/apache2/modules/mod_version.so
/usr/local/apache2/modules/mod_vhost_alias.so
* - conflict with a file which does not belong to any package.
Do you want to install these conflicting files [y,n,?,q] y
## Checking for setuid/setgid programs.
Installing apache as <SMCap226>
## Installing part 1 of 1.
/usr/local/apache2/bin/ab
/usr/local/apache2/bin/apachectl
/usr/local/apache2/bin/apr-1-config
/usr/local/apache2/bin/apu-1-config
/usr/local/apache2/bin/apxs
/usr/local/apache2/bin/checkgid
/usr/local/apache2/bin/dbmmanage
/usr/local/apache2/bin/envvars
/usr/local/apache2/bin/envvars-std
/usr/local/apache2/bin/htcacheclean
/usr/local/apache2/bin/htdbm
/usr/local/apache2/bin/htdigest
<text snipped>
/usr/local/doc/apache/docs/manual/vhosts/mass.html
/usr/local/doc/apache/docs/manual/vhosts/mass.html.en
/usr/local/doc/apache/docs/manual/vhosts/mass.html.ko.euc-kr
/usr/local/doc/apache/docs/manual/vhosts/name-based.html
/usr/local/doc/apache/docs/manual/vhosts/name-based.html.de
/usr/local/doc/apache/docs/manual/vhosts/name-based.html.en
/usr/local/doc/apache/docs/manual/vhosts/name-based.html.fr
/usr/local/doc/apache/docs/manual/vhosts/name-based.html.ja.euc-jp
/usr/local/doc/apache/docs/manual/vhosts/name-based.html.ko.euc-kr
/usr/local/doc/apache/httpd.spec
[ verifying class <none> ]
Installation of <SMCap226> was successful.Since the installation procedure overwrote the existing Apache
configuration file httpd.conf in which I had the virtual
hosts on the server defined, after first saving a copy of the newly
installed httpd.conf file, I restored the httpd.conf
from the backup I made of the file prior to upgrading Apache to version 2.2.6.
I then tried to restart the Apache webserver with apachectl
restart, but got an error message:
# /usr/local/apache2/bin/apachectl restart httpd: Syntax error on line 219 of /usr/local/apache2/conf/httpd.conf: API modul e structure 'access_module' in file /usr/local/apache2/modules/mod_access.so is garbled - expected signature 41503232 but saw 41503230 - perhaps this is not an Apache module DSO, or was compiled for a different Apache version?
I checked the compiled in modules and the version of Apache.
# /usr/local/apache2/bin/httpd -l Compiled in modules: core.c prefork.c http_core.c mod_so.c # /usr/local/apache2/bin/httd -v /usr/local/apache2/bin/httd: not found # /usr/local/apache2/bin/httpd -v Server version: Apache/2.2.6 (Unix) Server built: Nov 29 2007 04:50:40
Checking on the problem, I found the following at Upgrading to httpd 2.2.6 on RHEL and CentOS:
mod_access does not exist in Apache 2.2.
Therefore you are using an incorrect .conf file or more likely, you have coped all of the old modules from the old config file into the new one that you just renamed.
If you did do that, then a lot of the old modules do not work.
Instead, the Apache 2.2 config file uses modules like:
LoadModule auth_basic_module modules/mod_auth_basic.so
you did back up the new conf file before you changed it didnt you?!
When I looked in the /usr/local/apache2/modules directory,
I saw that the mod_access.so file had an August 26, 2006 date,
which indicated the module was for the prior 2.0.59 version of Apache rather
than the new 2.2.6 version. The modules for the new version had a November
30, 2007 date.
# ls -l /usr/local/apache2/modules total 3732 -rw-r--r-- 1 bin bin 8951 Nov 30 2007 httpd.exp -rwxr-xr-x 1 bin bin 68652 Aug 26 2006 mod_access.so -rwxr-xr-x 1 bin bin 10356 Nov 30 2007 mod_actions.so -rwxr-xr-x 1 bin bin 14772 Nov 30 2007 mod_alias.so -rwxr-xr-x 1 bin bin 9488 Nov 30 2007 mod_asis.so -rwxr-xr-x 1 bin bin 75356 Aug 26 2006 mod_auth.so -rwxr-xr-x 1 bin bin 70272 Aug 26 2006 mod_auth_anon.so -rwxr-xr-x 1 bin bin 11684 Nov 30 2007 mod_auth_basic.so -rwxr-xr-x 1 bin bin 74552 Aug 26 2006 mod_auth_dbm.so -rwxr-xr-x 1 bin bin 34700 Nov 30 2007 mod_auth_digest.so -rwxr-xr-x 1 bin bin 9560 Nov 30 2007 mod_authn_anon.so -rwxr-xr-x 1 bin bin 10728 Nov 30 2007 mod_authn_dbd.so -rwxr-xr-x 1 bin bin 9784 Nov 30 2007 mod_authn_dbm.so -rwxr-xr-x 1 bin bin 8420 Nov 30 2007 mod_authn_default.so -rwxr-xr-x 1 bin bin 9476 Nov 30 2007 mod_authn_file.so -rwxr-xr-x 1 bin bin 11760 Nov 30 2007 mod_authz_dbm.so -rwxr-xr-x 1 bin bin 8120 Nov 30 2007 mod_authz_default.so -rwxr-xr-x 1 bin bin 13004 Nov 30 2007 mod_authz_groupfile.so -rwxr-xr-x 1 bin bin 11388 Nov 30 2007 mod_authz_host.so -rwxr-xr-x 1 bin bin 10296 Nov 30 2007 mod_authz_owner.so -rwxr-xr-x 1 bin bin 8880 Nov 30 2007 mod_authz_user.so -rwxr-xr-x 1 bin bin 42260 Nov 30 2007 mod_autoindex.so -rwxr-xr-x 1 bin bin 11228 Nov 30 2007 mod_cern_meta.so -rwxr-xr-x 1 bin bin 29640 Nov 30 2007 mod_cgi.so -rwxr-xr-x 1 bin bin 107080 Nov 30 2007 mod_dav.so -rwxr-xr-x 1 bin bin 51212 Nov 30 2007 mod_dav_fs.so -rwxr-xr-x 1 bin bin 20152 Nov 30 2007 mod_dbd.so -rwxr-xr-x 1 bin bin 24104 Nov 30 2007 mod_deflate.so -rwxr-xr-x 1 bin bin 10032 Nov 30 2007 mod_dir.so -rwxr-xr-x 1 bin bin 12744 Nov 30 2007 mod_dumpio.so -rwxr-xr-x 1 bin bin 9264 Nov 30 2007 mod_env.so -rwxr-xr-x 1 bin bin 14072 Nov 30 2007 mod_expires.so -rwxr-xr-x 1 bin bin 24444 Nov 30 2007 mod_ext_filter.so -rwxr-xr-x 1 bin bin 18424 Nov 30 2007 mod_filter.so -rwxr-xr-x 1 bin bin 19744 Nov 30 2007 mod_headers.so -rwxr-xr-x 1 bin bin 11172 Nov 30 2007 mod_ident.so -rwxr-xr-x 1 bin bin 20176 Nov 30 2007 mod_imagemap.so -rwxr-xr-x 1 bin bin 88328 Aug 26 2006 mod_imap.so -rwxr-xr-x 1 bin bin 46304 Nov 30 2007 mod_include.so -rwxr-xr-x 1 bin bin 25208 Nov 30 2007 mod_info.so -rwxr-xr-x 1 bin bin 29116 Nov 30 2007 mod_log_config.so -rwxr-xr-x 1 bin bin 12552 Nov 30 2007 mod_log_forensic.so -rwxr-xr-x 1 bin bin 10008 Nov 30 2007 mod_logio.so -rwxr-xr-x 1 bin bin 19896 Nov 30 2007 mod_mime.so -rwxr-xr-x 1 bin bin 26972 Nov 30 2007 mod_mime_magic.so -rwxr-xr-x 1 bin bin 39088 Nov 30 2007 mod_negotiation.so -rwxr-xr-x 1 bin bin 83176 Nov 30 2007 mod_proxy.so -rwxr-xr-x 1 bin bin 40292 Nov 30 2007 mod_proxy_ajp.so -rwxr-xr-x 1 bin bin 31504 Nov 30 2007 mod_proxy_balancer.so -rwxr-xr-x 1 bin bin 12276 Nov 30 2007 mod_proxy_connect.so -rwxr-xr-x 1 bin bin 40000 Nov 30 2007 mod_proxy_ftp.so -rwxr-xr-x 1 bin bin 35400 Nov 30 2007 mod_proxy_http.so -rwxr-xr-x 1 bin bin 72840 Nov 30 2007 mod_rewrite.so -rwxr-xr-x 1 bin bin 13784 Nov 30 2007 mod_setenvif.so -rwxr-xr-x 1 bin bin 14380 Nov 30 2007 mod_speling.so -rwxr-xr-x 1 bin bin 205204 Nov 30 2007 mod_ssl.so -rwxr-xr-x 1 bin bin 27384 Nov 30 2007 mod_status.so -rwxr-xr-x 1 bin bin 10068 Nov 30 2007 mod_unique_id.so -rwxr-xr-x 1 bin bin 11048 Nov 30 2007 mod_userdir.so -rwxr-xr-x 1 bin bin 15188 Nov 30 2007 mod_usertrack.so -rwxr-xr-x 1 bin bin 10136 Nov 30 2007 mod_version.so -rwxr-xr-x 1 bin bin 12740 Nov 30 2007 mod_vhost_alias.so
Examining the httpd.conf file that was created when I
upgraded to the 2.2.6 version of Apache, I saw that it was quite different.
It had the following lines in it.
# Virtual hosts #Include conf/extra/httpd-vhosts.conf
At Creating virtual hosts on Apache 2.2, I found the following:
Apache 2.2 adopts a modular approach to its main configuration file,httpd.conf. Although you can still put everything in the one big file, it's more efficient to use external files, and include only those that you need to implement. Consequently, it's no longer recommended to define virtual hosts at the bottom ofhttpd.conf. Instead, you include an external filed calledhttpd-vhosts.conf.
I removed the # from the beginning of the Include
conf/extra/httpd-vhosts.conf line in
/usr/local/apache2/conf/httpd.conf. I then added the virtual
hosts sections from the end of the httpd.conf file I had used
with Apache 2.0.59 to the /usr/local/apache2/conf/extra/httpd-vhosts.conf
file.
I tried restarting Apache, but saw a warning message:
# /usr/local/apache2/bin/apachectl restart [Mon Jun 22 22:27:42 2009] [warn] NameVirtualHost *:80 has no VirtualHosts
In httpd.conf, I placed my email address in the
ServerAdmin line in that file. I also removed the #
from the beginning of the #ServerName www.example.com:80 line
and specified the actual server name instead of www.example.com:80.
In /usr/local/apache2/conf/extra/httpd-ssl.conf, I removed
the pound signs from the beginning of the SSLRandomSeed lines.
# # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the SSL library. # The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. # SSLRandomSeed startup file:/dev/random 512 SSLRandomSeed startup file:/dev/urandom 512 SSLRandomSeed connect file:/dev/random 512 SSLRandomSeed connect file:/dev/urandom 512
I tried to restart Apache, but got the following error message:
# /usr/local/apache2/bin/apachectl restart Syntax error on line 24 of /usr/local/apache2/conf/extra/httpd-ssl.conf: SSLRandomSeed: source path '/dev/random' does not exist httpd not running, trying to start
This system is a Solaris 7 system, but, apparently the absence of the /dev/random file can be a problem on at least some HP-UX systems as well as Solaris systems, according to no /dev/random on HP-UX.
According to the /dev/random article on Wikipedia, the /dev/random file "is a special file that serves as a true random number generator or as a pseudorandom number generator. It allows access to environmental noise collected from device drivers and other sources. Not all operating systems implement the same semantics for /dev/random. Linux was the first operating system to implement a true random number generator in this way."
At
SUMMARY of Solaris random gatherer options (long), I found
options listed for generating random or pseudo random data for entryop.
In addition to other options, the posting mentioned a patch available from Sun
that would create /dev/random.
2. /dev/random as provided by Sun package SUNWski
This software was developed by Sun as part of the unbundled product Sun Webserver 2.0 on the Solaris Easy Access Server 3.0 CD. This product was supported for Solaris 2.6 and 7, but not 8 (because Sun is now using Apache or Netscape's web server). However, the SUNWski package still works fine on Solaris 8, provides entropy much faster than egd (it's a daemon written in C) and was reviewed to provide high quality entropy:
At A brief history of /dev/random in Solaris, I found "A /dev/random interface for Solaris first appeared as part of the unbundled SUNWski package in Solaris 7. /dev/random in SUNWski is actually implemented as a named pipe which was written to by a daemon process. A named pipe made sense because it was all done in user land. Starting from Solaris 9, /dev/random and /dev/urandom became device nodes since a kernel-based implementation was done."
I found information on the SUNWski patch at Sun WebServer 1.0: Security and Preformance international Patch. I tried to download the SUNWski patch from Sun's website, but receive the message "Our records are showing that you only have access to public content. A valid service contract is required to access restricted content." At the bottom of the webpage I saw "Contract number is required to access restricted content and patches."
Since I couldn't download the SUNWski patch, I decided to use another option suggested at SUMMARY of Solaris random gatherer options (long), which was option 3, " /dev/random and /dev/urandom by Andreas Maier"
# umask 022
# pkgadd -d -d ANDIrand-0.7-5.7-sparc-1.pkg
pkgadd: ERROR: attempt to process datastream failed
- open of <-d> failed, errno=2
pkgadd: ERROR: could not process datastream from <-d>
# pkgadd -d ANDIrand-0.7-5.7-sparc-1.pkg
The following packages are available:
1 ANDIrand random-0.7
(sparc) 0.7
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1
Processing package instance <ANDIrand> from </home/jsmith/sysadmin/ANDIrand-0.7-5.7-sparc-1
.pkg>
random-0.7
(sparc) 0.7
random number generator
Copyright (c) Andreas Maier, 2000. All rights reserved.
Andreas Maier <andi@cosy.sbg.ac.at>
http://www.cosy.sbg.ac.at/~andi/
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, and the entire permission notice in its entirety,
including the disclaimer of warranties.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The name of the author may not be used to endorse or promote
products derived from this software without specific prior
written permission.
ALTERNATIVELY, this product may be distributed under the terms of
the GNU Public License, in which case the provisions of the GPL are
required INSTEAD OF the above restrictions. (This clause is
necessary due to a potential bad interaction between the GPL and
the restrictions contained in a BSD-style copyright.)
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
package stuff by Willi Burmeister <wib@cs.uni-kiel.de>
## Executing checkinstall script.
## Processing package information.
## Processing system information.
8 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.
This package contains scripts which will be executed with super-user
permission during the process of installing this package.
Do you want to continue with the installation of <ANDIrand> [y,n,?] y
Installing random-0.7 as <ANDIrand>
## Installing part 1 of 1.
/etc/init.d/random
/usr/kernel/drv/random
/usr/kernel/drv/random.conf
[ verifying class <none>]
/etc/rc0.d/K50random <linked pathname>
/etc/rc2.d/S60random <linked pathname>
Modifying /etc/devlink.tab
[ verifying class <sed> ]
/usr/kernel/drv/sparcv9/random
[ verifying class <km64> ]
## Executing postinstall script.
Initializing random number generator...
done.
Installation of <ANDIrand> was successful.After the installation completed, I found /dev/random and
/dev/urandom on the system.
# ls -l /dev/*random lrwxrwxrwx 1 root other 33 Jun 23 15:59 /dev/random -> ../devices/ pseudo/random@0:random lrwxrwxrwx 1 root other 34 Jun 23 15:59 /dev/urandom -> ../devices /pseudo/random@0:urandom
When I then tried starting Apache again, I saw the following error message:
# /usr/local/apache2/bin/apachectl start Syntax error on line 99 of /usr/local/apache2/conf/extra/httpd-ssl.conf: SSLCertificateFile: file '/usr/local/apache2/conf/server.crt' does not exist or is empty
After first making a backup of the file, I then removed the VirtualHost
section from /usr/local/apache2/conf/extra/httpd-ssl.conf, i.e.
everything from <VirtualHost _default_:443> to
<VirtualHost>. For those virtual hosts for which I was using
SSL support, I left the VirtualHost blocks
I had in the httpd.conf file for version 2.0.59 of Apache
in httpd-vhosts.conf.
When I then tried starting Apache again, I saw the message below, although the Apache server did start. However, when I tried accessing one of the websites, I got a message "You don't have permission to access / on this server."
# /usr/local/apache2/bin/apachectl start [Tue Jun 23 16:29:30 2009] [warn] NameVirtualHost *:80 has no VirtualHosts
I removed the :80 from the end of the NameVirtualHost
*:80 line in httpd-vhosts.conf and restarted Apache. I
didn't get the warning message then when I restarted Apache, but I still
got the same "You don't have permission to access / on this server." message
when I tried accessing any of the websites on the server.
When I looked in the transfer file for websites, I saw entries such as the following:
72.45.13.244 - - [23/Jun/2009:16:36:21 -0400] "GET / HTTP/1.1" 403 202
In httpd.conf, I found the following:
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>In my 2.0.59 httpd.conf file, I had the following:
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>Deny from all line to Allow from all
and restarted Apache. I was then able to access the default website on the
server, but not other websites.
References:
Created: June 23, 2009