Hi, no luck so far. But since I'm right now waiting for a restore of a Ghost 8 image I made earlier "just in case", I can tell you a bit more of my story.
The reason for touching this server were the security vulnerabilities in OpenSSL versions prior to 0.9.8d and 0.9.7l
http://www.slackware.com/security/vi...ecurity.676946
To stick with the distribution of choice of our parent company I downloaded Slackware 11.0 CD ISOs, and installed on a spare box with minimum of packages. I upgraded a few packages:
bash-3.2.015-i486-1_slack11.0.tgz
bind-9.3.4-i486-1_slack11.0.tgz
php-4.4.7-i486-1_slack11.0.tgz
tar-1.16-i486-1_slack11.0.tgz
I checked the versions of all essential packages, and they all were the latest for Slack 11.0, and OpenSSL was 0.9.8d, so it was good to go. I did not upgrade neither Apache, OpenSSL, nor Mod_SSL.
I copied the Bind and Apache configuration files, certificate files and logs from the old box to the new one and after a bit of time of changing paths (old box was RedHat 8) I got it to work - Apache started, and it was working fine.
But I checked the SSL_LOG, and while starting, one of the lines logged by Apache was:
[18/May/2007 00:49:20 00373] [info] Server: Apache/1.3.37, Interface: mod_ssl/2.8.28, Library: OpenSSL/0.9.8b
OpenSSL 0.9.8b is one of the vulnerable versions (possibility of denial of service and buffer overrun, which I think is pretty serious).
Today I tried:
upgrading Apache to apache-1.3.37-i486-3.tgz from "Current"
upgrading OpenSSL to openssl-0.9.8e-i486-2.tgz from "Current"
upgrading to openssl-solibs-0.9.8e-i486-2.tgz from "Current"
reinstalling mod_ssl mod_ssl-2.8.28_1.3.37-i486-1.tgz - after reading the
http://www.modssl.org/example/ example installation steps and realizing that it's mod_ssl that holds Apache and OpenSSL together.
None of that helped. Then I took a look at the line from the http.conf file thinking that maybe it needs to be changed on the new system:
LoadModule ssl_module libexec/apache/libssl.so
This file was dated before Sep-2006, and I searched for all files with that name and found newer (I think in /usr/lib). I tried to replace the file into ..libexec/apache/libssl.so but then Apache would not start - it gave the error:
httpd can't locate API module structure 'ssl_module'
I switched back to the old libssl.so file. I renamed the file and re-installed mod_ssl-2.8.28_1.3.37-i486-1.tgz. It put the same file back (same size and time).
Then I searched for possibilities for 'LoadModule ssl_module' directive in httpd.conf - and found that some people used 'mod_ssl.so'. I ran 'find' for that file, but it didn't find it, and instead it gave this message:
find: WARNING: Hard link count is wrong for /proc: this may be a bug in your filesystem driver. Automatically turning on find's -noleaf option.
Earlier results may have failed to include directories that should have been searched.
First I booted from the CD and run reiserfsck on each partition, and everything was fine. Then I read the tip:
http://murrey.inferential.com/piperm...er/000237.html
suggesting that find may have a bug - so I upgraded from findutils-4.2.28-i486-? to findutils-4.2.30-i486-1.tgz
That made find scream that it needs GLIBC 2.4, so I downloaded and upgraded to glibc-2.5-i486-2.tgz which gave the error "FATAL: kernel too old" pretty much on every command, and caused me to sit here while restoring from Ghost image.
So I am smarter by that lesson
, but what did I do wrong before today that Apache logged using OpenSSL 0.9.8b while OpenSSL from the CD was version 0.9.8d?
Thanks.
