Server Software (Web Network Services) 1 CHAPTER 9 Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs Publishing 386 Step 2 You must restart the Apache web server for the changes to take effect: • To restart Apache, use the following commands: [root@deep /]# /etc/rc.d/init.d/httpd restart Shutting down http: [ OK ] Starting httpd: [ OK ] Step 3 Once the above lines have been included in our “httpd.conf” file, we must test the new PHP4 feature to be sure it’s working. We’ll create a small PHP file named “php.php” in our DocumentRoot, and then point our web broswer to this PHP document to see if PHP4 work on the server. Create the php.php file in your DocumentRoot (touch /home/httpd/ona/php.php) and add the following lines in the PHP file: <body bgcolor="#FFFFFF"> <?php phpinfo()?> </body> NOTE: These lines will inform PHP4 program to display various pieces of information about the configuration of our Linux server. Step 4 Now, point your web browser to the following address: http://my-web-server/php.php The <my-web-server> is the address where your Apache web server lives, and <php.php> is the PHP document we have created above to display the information and configuration of our Linux server. Server Software (Web Network Services) 1 CHAPTER 9 Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs Publishing 387 If you see something like the above page appearing in your web browser… congratulations! Your PHP module is working. Perl module Devel::Symdump If you intend to use the mod_perl programming language support with your Apache web server, it can be interesting to install the small perl module program named “Devel::Symdump”. This third party module will allow you to inspect perl's symbol table and the class hierarchies within a running program. To build and install it, follow these steps. Packages Devel-Symdump Homepage: http://www.perl.com/CPAN/modules/by-module/Devel/ You must be sure to download: Devel-Symdump-2_00_tar.gz Devel-Symdump version number is 2.00 [root@deep /]# cp Devel-Symdump-version.tar.gz /var/tmp/ [root@deep /]# cd /var/tmp/ [root@deep tmp]# tar xzpf Devel-Symdump-version.tar.gz Step 1 Move into the new Devel-Symdump directory and type the following commands on your terminal to compile and install the module on your Linux server: [root@deep Devel-Symdump-2.00]# perl Makefile.PL [root@deep Devel-Symdump-2.00]# make [root@deep Devel-Symdump-2.00]# make test [root@deep Devel-Symdump-2.00]# make install Step 2 Server Software (Web Network Services) 1 CHAPTER 9 Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs Publishing 388 Once the module has been installed on your system, you must include in your “/etc/httpd/conf/httpd.conf” file the following lines to be able to see the status of different Perl modules on the server: Edit the httpd.conf file (vi /etc/httpd/conf/httpd.conf) and add the following lines: <Location /perl-status> SetHandler perl-script PerlHandler Apache::Status Order deny,allow Deny from all Allow from 192.168.1.0/24 </Location> Step 3 You must restart the Apache web server for the changes to take effect: • To restart Apache, use the following commands: [root@deep /]# /etc/rc.d/init.d/httpd restart Shutting down http: [ OK ] Starting httpd: [ OK ] Step 4 Finally, we must test the new Devel-Symdump module to be sure that we can see status of different Perl modules on the server. To verify that it works, points your web browser to the following address: http://my-web- server/perl-status/. The <my-web-server> is the address where your Apache web server lives. Server Software (Web Network Services) 1 CHAPTER 9 Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs Publishing 389 Cleanup after work [root@deep /]# cd /var/tmp [root@deep tmp]# rm -rf Devel-Symdump.version/ Devel-Symdump-version.tar.gz Installed files > /usr/lib/perl5/man/man3/Devel::Symdump.3 > /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Devel > /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Devel/Symdump > /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Devel/Symdump/.packlist > /usr/lib/perl5/site_perl/5.005/Devel > /usr/lib/perl5/site_perl/5.005/Devel/Symdump > /usr/lib/perl5/site_perl/5.005/Devel/Symdump/Export.pm > /usr/lib/perl5/site_perl/5.005/Devel/Symdump.pm CGI.pm Perl library The CGI.pm is a Perl5 library for writing World Wide Web CGI scripts. Older versions of this software exist by default on your system, but they are buggy. It’s recommended that you update your copy to version 2.56, at least. To update this module, please follow these steps. Packages CGI.pm Homepage: http://stein.cshl.org/WWW/software/CGI/cgi_docs.html You must be sure to download: CGI_pm_tar.gz CGI.pm version number is 2.56 [root@deep /]# cp CGI_pm_tar.gz /var/tmp/ [root@deep /]# cd /var/tmp/ [root@deep tmp]# tar xzpf CGI_pm_tar.gz Step 1 First of all, we’ll check the version of CGI.pm installed in our system. • You can check your current “CGI.pm” version number with the following command: [root@deep]# perl -e 'use CGI; print $CGI::VERSION."\n";' 2.46 Step 2 Move into the new CGI.pm directory and type the following commands on your terminal to compile and install the updated libraries on your Linux server: [root@deep CGI.pm-2.56]# perl Makefile.PL [root@deep CGI.pm-2.56]# make [root@deep CGI.pm-2.56]# make test [root@deep CGI.pm-2.56]# make install Cleanup after work [root@deep /]# cd /var/tmp [root@deep tmp]# rm -rf CGI.pm-version/ CGI_pm_tar.gz Installed files > /usr/lib/perl5/5.00503/CGI/Pretty.pm > /usr/lib/perl5/5.00503/i386-linux/auto/CGI > /usr/lib/perl5/5.00503/i386-linux/auto/CGI/.packlist > /usr/lib/perl5/man/man3/CGI::Pretty.3 Server Software (Web Network Services) 1 CHAPTER 9 Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs Publishing 390 Securing Apache Change some important permissions on files and directories for your Web Server When you install Apache on your server, there are some files and directories that have too many permissions set by default. The binary program “httpd” can be set to be read-only by the super- user “root”, and executable by the owner, group, and others for better security. The “/etc/httpd/conf” and “/var/log/httpd” directories don’t need to by readable, writable or executable by other people. [root@deep /]# chmod 511 /usr/sbin/httpd [root@deep /]# chmod 750 /etc/httpd/conf/ [root@deep /]# chmod 750 /var/log/httpd/ Automatic indexing If you have enabled the automatic indexing of directories in your Apache configuration file, (IndexOptions in httpd.conf), then you’ll have a security issue since any requests for a directory that don't find an index file will build an index of what is in the directory. In many cases, you may only want people seeing files that you specifically link to. To turn this off, you need to remove read permissions from the DocumentRoot directory (but not the files inside it). [root@deep /]# cd /home/httpd/ [root@deep httpd]# chmod 311 ona [root@deep httpd]# ls -la d-wx x x 13 webadmin webadmin 1024 Jul 28 08:12 ona Now, with this modification, any requests for this protected directory should return an error message like: Forbidden You don't have permission to access “/ona/” on this server. NOTE: “ona” is the DocumentRoot (the directory out of which you will serve your documents) in our example. Create the .dbmpasswd password file for users authentication This step is necessary only if you think that you’ll use an access file authentication system for your web site. Access file authentication is used when you have the need to protect some part of your web site with a user password. With Apache, a lot of options exist to protect your site with usernames and passwords. Step 1 The “dbmmanage” program utility of Apache can be used to create and update usernames and passwords of HTTP users. This method use a DBM format files that is the fastest mechanism when you have thousands users to manage in your password file. First of all, it’s important to change the permission of this program to be (0750/-rwxr-x ), writable only by the super-user “root”, readable and executable by group and nothing for the others. • To change the permissions on the “dbmmanage” program, use the following command: [root@deep /]# chmod 750 /usr/bin/dbmmanage • To create a username and password, use the following command: [root@deep /]# /usr/bin/dbmmanage /etc/httpd/.dbmpasswd adduser username New password: Server Software (Web Network Services) 1 CHAPTER 9 Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs Publishing 391 Re-type new password: User username added with password encrypted to l4jrdAL9MH0K. Where </etc/httpd> is the location of the password file, <.dbmpasswd> is the name of the password file, and <username> is the name of the user you want to add in your “.dbmpasswd” file. Step 2 If you use the “dbmmanage” utility with your Apache web server to create passwords and usernames, don’t forget to include in your “/etc/httpd/conf/httpd.conf” configuration file the part of your web site you need to protect with user password authentication: Edit the httpd.conf file (vi /etc/httpd/conf/httpd.conf) and add the following lines to protect the “private” directory of your web site “ona” with user password authentication: <Directory "/home/httpd/ona/private"> Options None AllowOverride AuthConfig AuthName "restricted stuff" AuthType Basic AuthDBUserFile /etc/httpd/.dbmpasswd require valid-user </Directory> The path </home/httpd/ona/private> specifies the directory we want to protect with a password and username, the </etc/httpd/.dbmpasswd> specifies the location of the password file. NOTE: To add the DB password authentication module to your Apache Web Server, you must be sure to include it during the configuration time of Apache with the following parameter “ add- module=src/modules/standard/mod_auth_db.c”. See your Apache documentation for more information. Step 3 You must restart Apache web server for the changes to take effect: • To restart Apache, use the following commands: [root@deep /]# /etc/rc.d/init.d/httpd restart Shutting down http: [ OK ] Starting httpd: [ OK ] Step 4 Finally, we must test the new protected directory named (private). To verify that it works, point your web browser to the following address: http://my-web- server/private/. The <my-web-server> is the address where your Apache web server lives. The </private/> is the directory we want to protect with user password authentication. Server Software (Web Network Services) 1 CHAPTER 9 Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs Publishing 392 Immunize important configuration file like “httpd.conf” As we already know, the immutable bit can be used to prevent deletion, overwriting or creation of a symbolic link to a file. Once your “httpd.conf” file has been configured, it’s a good idea to immunize it with the following command: [root@deep /]# chattr +i /etc/httpd/conf/httpd.conf Running Apache in a chroot jail This part focuses on preventing Apache from being used as a point of break-in to the system hosting it. Apache by default runs as a non-root user, which will limit any damage to what can be done as a normal user with a local shell. Of course, allowing what amounts to an anonymous guest account falls rather short of the security requirements for most Apache servers, so an additional step can be taken - that is, running Apache in a chroot jail. The main benefit of a chroot jail is that the jail will limit the portion of the file system the daemon can see to the root directory of the jail. Additionally, since the jail only needs to support Apache, the programs available in the jail can be extremely limited. Most importantly, there is no need for setuid-root programs, which can be used to gain root access and break out of the jail. Server Software (Web Network Services) 1 CHAPTER 9 Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs Publishing 393 Chrooting apache is no easy task and has a tendency to break things. Before we embark on this, we need to first decide whether it is beneficial for you to do so. Some pros and cons are, but most certainly not limited to, the following: Pros:  If apache is ever compromised, the attacker will not have access to the entire file system.  Poorly written CGI scripts that may allow someone to access your server will not work. Cons:  There are extra libraries you'll need to have in the chroot jail for Apache to work.  If you use any Perl/CGI features with Apache, you will need to copy the needed binaries, Perl libraries and files to the appropriate spot within the chroot space. The same applies for SSL, PHP, LDAP, PostgresSQL and other third-party programs. The chrooted configuration listed below supposes that you’ve compiled your Apache server with the external program mod_ssl. The differences in what you’ve compiled with your Apache web server reside in which libraries and binaries you‘ll need to copy to the chrooted directory. Remember that if you’ve compiled Apache to use mod_perl, you must copy all the related binaries and Perl libraries to the chrooted directory. Perl resides in “/usr/lib/perl5” and in case you use Perl features, copy the Perl directories to “/chroot/httpd/usr/lib/perl5/”. Don’t forget to create the directory “/chroot/httpd/usr/lib/perl5” in your chrooted structure before copying. The following are the necessary steps to run Apache Web Server in a chroot jail: Step 1 We must find the shared library dependencies of httpd. These will need to be copied into the chroot jail later. • To find the shared library dependencies of httpd, execute the following command: [root@deep /]# ldd /usr/sbin/httpd Server Software (Web Network Services) 1 CHAPTER 9 Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs Publishing 394 libpam.so.0 => /lib/libpam.so.0 (0x40016000) libm.so.6 => /lib/libm.so.6 (0x4001f000) libdl.so.2 => /lib/libdl.so.2 (0x4003b000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x4003e000) libnsl.so.1 => /lib/libnsl.so.1 (0x4006b000) libresolv.so.2 => /lib/libresolv.so.2 (0x40081000) libdb.so.3 => /lib/libdb.so.3 (0x40090000) libc.so.6 => /lib/libc.so.6 (0x400cb000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) Make a note of the files listed above; you will need these later in our steps. Step 2 Add a new UID and a new GID if this is not already done for running Apache httpd. This is important because running it as root defeats the purpose of the jail, and using a different UID that already exists on the system (i.e. nobody) can allow your services to access each others' resources. Consider the scenario where a web server is running as nobody, or any other overly used UID/GID and compromised. The cracker can now access any other processes running as nobody from within the chroot. These are sample UID/GIDs. Check the “/etc/passwd” and “/etc/group” files for a free UID/GID number. In our configuration we'll use the numeric value “80” and UID/GID “www”. [root@deep /]# useradd -c “Apache Server” -u 80 -s /bin/false -r -d /home/httpd www 2>/dev/null || : The above commands will create the group “www” with the numerical GID value 80, and the user “www” with the numerical UID value 80. Step 3 Set up the chroot environment. First we need to create the chrooted Apache structure. We use “/chroot/httpd” for the chrooted Apache. The “/chroot/httpd” is just a directory on a different partition where we've decided to put apache for more security. [root@deep /]# /etc/rc.d/init.d/httpd stop  only if Apache is already installed and run on your system. Shutting down http: [ OK ] [root@deep /]# mkdir /chroot/httpd Next, create the rest of directories as follows: [root@deep /]# mkdir /chroot/httpd/dev [root@deep /]# mkdir /chroot/httpd/lib [root@deep /]# mkdir /chroot/httpd/etc [root@deep /]# mkdir -p /chroot/httpd/usr/sbin [root@deep /]# mkdir -p /chroot/httpd/var/run [root@deep /]# mkdir -p /chroot/httpd/var/log/httpd [root@deep /]# chmod 750 /chroot/httpd/var/log/httpd/ [root@deep /]# mkdir -p /chroot/httpd/home/httpd Copy the main configuration directory, the configuration files, the cgi-bin directory, the root directory and the httpd program to the chroot jail: [root@deep /]# cp -r /etc/httpd /chroot/httpd/etc/ [root@deep /]# cp -r /home/httpd/cgi-bin /chroot/httpd/home/httpd/ [root@deep /]# cp -r /home/httpd/your-DocumentRoot /chroot/httpd/home/httpd/ [root@deep /]# mknod /chroot/httpd/dev/null c 1 3 [root@deep /]# chmod 666 /chroot/httpd/dev/null [root@deep /]# cp /usr/sbin/httpd /chroot/httpd/usr/sbin/ Server Software (Web Network Services) 1 CHAPTER 9 Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs Publishing 395 We need the “/chroot/httpd/etc”, “/chroot/httpd/dev”, “/chroot/httpd/lib”, “/chroot/httpd/usr/sbin”, “/chroot/httpd/var/run”, “/chroot/httpd/home/httpd” and “/chroot/httpd/var/log/httpd” directories because, from the point of the chroot, we're sitting at “/”. Step 4 If you have compiled your Apache web server with SSL support, you must copy the entire “/etc/ssl” directory that handles all private and public keys to the chroot jail. [root@deep /]# cp -r /etc/ssl /chroot/httpd/etc/  require only if you use mod_ssl feature. [root@deep /]# chmod 600 /chroot/httpd/etc/ssl/certs/ca.crt  require only if you use mod_ssl feature. [root@deep /]# chmod 600 /chroot/httpd//etc/ssl/certs/server.crt  require only if you use mod_ssl feature. [root@deep /]# chmod 600 /chroot/httpd/etc/ssl/private/ca.key  require only if you use mod_ssl feature. [root@deep /]# chmod 600 /chroot/httpd/etc/ssl/private/server.key  require only if you use mod_ssl feature. Step 5 Since we have compiled apache to use shared libraries, we need to install them into the chroot directory structure. Use ldd /chroot/httpd/usr/sbin/httpd to find out which libraries are needed. The output (depending on what you’ve compiled with Apache) will be something similar to: libpam.so.0 => /lib/libpam.so.0 (0x40016000) libm.so.6 => /lib/libm.so.6 (0x4001f000) libdl.so.2 => /lib/libdl.so.2 (0x4003b000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x4003e000) libnsl.so.1 => /lib/libnsl.so.1 (0x4006b000) libresolv.so.2 => /lib/libresolv.so.2 (0x40081000) libdb.so.3 => /lib/libdb.so.3 (0x40090000) libc.so.6 => /lib/libc.so.6 (0x400cb000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) Copy the shared libraries identified above: [root@deep /]# cp /lib/libpam.so.0 /chroot/httpd/lib/ [root@deep /]# cp /lib/libm.so.6 /chroot/httpd/lib/ [root@deep /]# cp /lib/libdl.so.2 /chroot/httpd/lib/ [root@deep /]# cp /lib/libcrypt.so.1 /chroot/httpd/lib/ [root@deep /]# cp /lib/libnsl* /chroot/httpd/lib/ [root@deep /]# cp /lib/libresolv* /chroot/httpd/lib/ [root@deep /]# cp /lib/libdb.so.3 /chroot/httpd/lib/ [root@deep /]# cp /lib/libc.so.6 /chroot/httpd/lib/ [root@deep /]# cp /lib/ld-linux.so.2 /chroot/httpd/lib/ You'll also need the following extra libraries for some network functions, like resolving: [root@deep /]# cp /lib/libnss_compat* /chroot/httpd/lib/ [root@deep /]# cp /lib/libnss_dns* /chroot/httpd/lib/ [root@deep /]# cp /lib/libnss_files* /chroot/httpd/lib/ Step 6 We now need to copy the passwd and group files inside the “/chroot/httpd/etc” chrooted directory. The concept here is the same as how ftpd uses passwd and group files. Next, we’ll remove all entries except for the user that apache runs as in both files (passwd and group). [root@deep /]# cp /etc/passwd /chroot/httpd/etc/ [root@deep /]# cp /etc/group /chroot/httpd/etc/ [...]... /usr/include/php/ext/standard/php_metaphone.h > /usr/include/php/ext/standard/php_output.h > /usr/include/php/ext/standard/php_rand.h > /usr/include/php/ext/standard/php_standard.h > /usr/include/php/ext/standard/php_string.h > /usr/include/php/ext/standard/php_syslog.h > /usr/include/php/ext/standard/php_var.h > /usr/include/php/ext/standard/phpdir.h > /usr/include/php/ext/standard/phpmath.h > /usr/include/php/ext/standard/quot_print.h... /usr/lib/perl5/site_perl/5.005/i386 -linux/ mod_perl_cvs.pod > /usr/lib/perl5/site_perl/5.005/i386 -linux/ mod_perl_method_handlers.pod > /usr/lib/perl5/site_perl/5.005/i386 -linux/ mod_perl.pm > /usr/lib/perl5/site_perl/5.005/i386 -linux/ mod_perl_traps.pod > /usr/lib/perl5/site_perl/5.005/i386 -linux/ cgi_to_mod_perl.pod > /usr/lib/perl5/site_perl/5.005/i386 -linux/ Apache.pm Copyright 199 9 - 2000 Gerhard Mourani, Open Network Architecture ® and. .. /usr/include/php/ext/standard/php_assert.h > /usr/include/php/ext/standard/php_browscap.h > /usr/include/php/ext/standard/php_crypt.h > /usr/include/php/ext/standard/php_dir.h > /usr/include/php/ext/standard/php_filestat.h > /usr/include/php/ext/standard/php_image.h > /usr/include/php/ext/standard/php_iptc.h > /usr/include/php/ext/standard/php_lcg.h > /usr/include/php/ext/standard/php_link.h > /usr/include/php/ext/standard/php_mail.h... /usr/include/php/ext/standard > /usr/include/php/ext/standard/base64.h > /usr/include/php/ext/standard/basic_functions.h > /usr/include/php/ext/standard/cyr_convert.h > /usr/include/php/ext/standard/datetime.h > /usr/include/php/ext/standard/dl.h > /usr/include/php/ext/standard/dns.h > /usr/include/php/ext/standard/exec.h > /usr/include/php/ext/standard/file.h > /usr/include/php/ext/standard/flock_compat.h... /usr/include/php/ext/standard/fsock.h > /usr/include/php/ext/standard/global.h > /usr/include/php/ext/standard/head.h > /usr/include/php/ext/standard/html.h > /usr/include/php/ext/standard/info.h > /usr/include/php/ext/standard/md5.h > /usr/include/php/ext/standard/microtime.h > /usr/include/php/ext/standard/pack.h > /usr/include/php/ext/standard/pageinfo.h > /usr/include/php/ext/standard/php_array.h >... /usr/lib/perl5/site_perl/5.005/i386 -linux/ Apache/Opcode.pm > /usr/lib/perl5/site_perl/5.005/i386 -linux/ Apache/PerlSections.pm Copyright 199 9 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs Publishing 404 Server Software (Web Network Services) 1 CHAPTER 9 > /usr/lib/perl5/site_perl/5.005/i386 -linux/ Apache/FakeRequest.pm > /usr/lib/perl5/site_perl/5.005/i386 -linux/ Apache/ExtUtils.pm > /usr/lib/perl5/site_perl/5.005/i386 -linux/ Apache/Include.pm... /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/include/compat.h > /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/include/http_request.h > /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/include/http_core.h Copyright 199 9 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs Publishing 402 Server Software (Web Network Services) 1 CHAPTER 9 > /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/include/ap_mm.h... /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/os/unix/os.h > /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/os/unix/os-inline.c > /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/os/os 390 > /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/os/os 390 /os-inline.c > /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/os/os 390 /ebcdic.h > /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/os/os 390 /os.h... /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/modules/ssl/ssl_util_ssl.h > /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/modules/ssl/ssl_expr_parse.h > /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/modules/ssl/mod_ssl.h Copyright 199 9 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs Publishing 403 Server Software (Web Network Services) 1 CHAPTER 9 > /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/modules/ssl/ssl_util_sdbm.h... /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/modules/standard > /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/modules/standard/mod_rewrite.h > /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/support > /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/support/suexec.h > /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/lib > /usr/lib/perl5/site_perl/5.005/i386 -linux/ auto/Apache/include/lib/expat-lite . access and break out of the jail. Server Software (Web Network Services) 1 CHAPTER 9 Copyright 199 9 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs Publishing 393 . Server Software (Web Network Services) 1 CHAPTER 9 Copyright 199 9 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs Publishing 399 missingok postrotate /usr/bin/killall -HUP. Server Software (Web Network Services) 1 CHAPTER 9 Copyright 199 9 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs Publishing 392 Immunize important configuration file