Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 2 Aug 2010 08:15:14 +0400
From: croco@...nwall.com
To: owl-users@...ts.openwall.com
Subject: Small package collection for Owl-based LAMP

Colleagues,

for the people who need Owl-based LAMP, I've brought together a small
(perhaps the smallest possible) collection of packages, mostly based on the
Gremlin's repository of Owl unofficial RPMs (namely, Apache, MySQL and PHP
specs reworked, libpng, libjpg and gd taken "as is", libxml2 taken from my
own archives).  Thanks go to Gremlin for his great work which I based on.
Don't expect too much, the packages are dirty, specs are hackish, and
definitely nobody ever did anything like security audit of all that stuff.
Apache is 1.3.42 and doesn't even support SSL :-)

The good thing is perhaps that the collection provides the appropriate
init.d scripts correctly working with chkconfig (the original version
doesn't), Apache has mod_rewrite (the original doesn't), and it follows the
security-centric scheme of running PHP as CGI scripts via suexec (well,
Gremlin original does that too, thanks again to Gremlin for explaining me
how this is achieved, and for his version of suexec.c; furhtermore, no
other distributions seem to implement this scheme).

The explanation of the collection, together with a more-or-less detailed
instruction is here: http://openwall.info/wiki/people/croco/crocos_lamp

The collection itself is here: ftp://ftp.croco.net/pub/software/Owl/LAMP --
the directory contains both SRPMs and binary RPMs for i686, created under
Owl-current-20091129 within an OpenVZ container (you might want to
recompile packages from the SRPMs in case your version of Owl is notably
different).

Any feedback is welcome.

--
Croco

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.