October 11th, 2021

Now running Apache 2.4.51, PHP 7.4.24, OpenSSL 1.1.1l, and more

Posted at 02:34:39 PM by froems

A lot of the software on the server had been out of date, so I took some time to upgrade a few things. Along the way, I had to install four new packages from slackware64-current that had not been part of the standard Slackware 14.2 install, those being the pam, krb5, libnsl, and nghttp2 packages.

I started by upgrading the Apache http server from 2.4.43 to 2.4.51 and then upgraded php from 7.4.8 to 7.4.24. These upgrades were compiled from source and were fairly straightforward.

Next, I upgraded to the openssl-1.1.1l package from slackware64-current. When I tried to use the new version, it immediately threw an error referencing a glibc 2.33 dependency. So I reverted the upgrade, upgraded to the glibc-2.33 package first, then upgraded to openssl-1.1.1l, and everything worked fine.

After that, I tried to upgrade OpenSSH from 8.2p1 to 8.3p1, which I had attempted to upgrade in the past without success. Based on errors I encountered, I determined that I needed to install pam-1.5.2 and krb5-1.19.2 from slackware64-current first, and then I could upgrade openssh-8.2p1 to openssh-8.3p1.

To upgrade all the way to the current OpenSSH package (8.8p1), I discovered yet another library dependency. So I first installed libnsl-1.3.0 from slackware64-current, and then upgraded openssh-8.3p1 to openssh-8.8p1. Finally, everything was working after all of these upgrades. The web server, PHP, OpenSSL, and OpenSSH were all running a current version.

The last package I installed from slackware64-current was nghttp2-1.45.1. It turns out that if you want to have access to the http module that enables http2, this package must be installed first. I installed the package, modified http.conf, and http2 was now working.

While I was in http.conf, I also made a few changes to disable some weak security ciphers and enabled mod_deflate to serve text in a compressed format. I also renewed the site's security certificates using a new 4096-bit RSA key.

With these changes, the system should be quite secure now, without sacrificing much in the way of performance.