Here are the facts of case:
(1) We are a reseller for a Japanese company whose electro-mechanical machine is controlled by a small built in PC that runs off of a CF card and runs an embedded version of Linux.
(2) This PC resides on the network of our customers, and it also has an Apache2 webserver running (not needed for our functionality) that has been deemed unsecure by security auditors because it uses an old version of Apache and old version of PHP.
(3) I need to disable this web server but the manufacturer is taking way too long to move on this. I have already passed my deadline for the security audit and we are getting close the to the point where our equipment will become paper weights.
(4) I cannot get to a command line, though there are some USB ports so if someone could offer a keyboard shortcut perhaps I can. I can't tell if the keyboard is responsive when I plug it in (lights do come on though).
(5) I am able to put the CF in a card reader and browse its contents on my Ubuntu PC.

SO per number (5) my question is this: Is there a file I can edit or delete on the CF card that will totally prevent Apache from starting up the webserver?

Thank you.

No idea at all, since you don't give us any details to work with. We don't know what version/distro of Linux this device is running, what KIND of device, what you see on the CF card, etc.

If you're the reseller, the simplest thing would be for you to contact the people SELLING these devices to you, and ask them for this information. Since they MAKE the device, they can tell you how/if you can get a terminal window up, etc.

Let's turn that into nice questions:

"what version/distro of Linux are you running?"
I don't know and I don't know how to find out. Do you have any suggestions to determine which distro I have as I have access to the file system as I mentioned in my original post?


"have you contacted the people SELLING these devices to you and asked them this information?"
Yes I have, but they will not allow me to make any changes to it and demand to do it themselves through their gigantic QC process. I have taken it upon myself to simply turn off the webserver until they can get the new version through their overwrought process.
Even though they MAKE the device they will not TELL me anything because they defer to the QC process, for which I do not blame them.

They were 'nice' questions.
No, because as I said in my first reply, we have no idea what the device is, or what you can see on the CF card. Your device could be anything from a low-end box to something capable of 64 bit. What versions you can run (and where to look), depend on such specs. You don't provide them. There *MIGHT* be a file called "<something>release<something>" in /etc, but there's no way of knowing. The manufacturer could remove it.
This post has been reported to the moderators, per the above.
Your original question is a bit unclear. If you just SELL these devices, security auditing is up to the CUSTOMER. If you're USING these devices, and your own auditors have a problem, that's different.

Again, there aren't enough details for anyone to help you. We have NO IDEA on if the 'device' can support a keyboard/mouse, what the USB ports do, etc., so we can't tell you how to modify things.

1 members found this post helpful.

Are there any files (or commands within said files) common to all Apache2 installations across all Linux distros that when deleted will prevent said Apache2 server from starting?

As you said yourslef the manufacturer of the device doesn't permit you to do what you're trying to
achieve; given this extra bit of information this thread is closed as being in violation of our rules.

1 members found this post helpful.