I was in the midst of my first ever PCI audit – the company I was doing work for wanted to start taking credit card orders over their website. I thought it would be easy – the website was a wrap-around of the credit card company’s authorization site, so no numbers ever touched the company-owned systems. Unfortunately the security firm required all external facing IP addresses to test. One of those IP addresses pointed to an Ubuntu 10.04.4LTS system that was running Owncloud software on apache (think DAV for multiple users via web interface).<\/p>\n
So the PCI audit returns with a giant FAIL. Apache is out of date!<\/p>\n
apache2 -v
\n2.2.14
\nThis version came out in October of 2009.<\/p>\n
So I edited the apt sources list to grab a newer file: deb http:\/\/us.archive.ubuntu.com\/ubuntu\/ oneiric main Run the PCI compliance test again – FAIL. Apparently they require 2.2.21 or higher. The only issues I could find with 2.2.20 deal with mods being enabled that they don’t use, or .htaccess permissions that they also don’t use. OK, so let’s go up another version.<\/p>\n deb http:\/\/us.archive.ubuntu.com\/ubuntu\/ precise main I verified the site was still working. Make sure you comment out the sources.list precise and oneiric otherwise you’ll have lots of update issues down the road.<\/p>\n Source generator: I was in the midst of my first ever PCI audit – the company I was doing work for wanted to start taking credit card orders over their website. I thought it would be easy – the website was a wrap-around of the credit card company’s authorization site, so no numbers ever touched the company-owned … Continue reading PCI Audit vs Ubuntu Server<\/span>
\nnano \/etc\/apt\/sources.list<\/code>
\nAnd added:<\/p>\n
\ndeb-src http:\/\/us.archive.ubuntu.com\/ubuntu\/ oneiric main<\/p><\/blockquote>\napt-get update<\/code>
\napt-get install apache2<\/code>
\napache2 -v<\/code>
\n2.2.20
\nThis version came out in August of 2010<\/p>\nnano \/etc\/apt\/sources.list<\/code>
\nAdd:<\/p>\n
\ndeb-src http:\/\/us.archive.ubuntu.com\/ubuntu\/ precise main<\/p><\/blockquote>\napt-get update<\/code>
\napt-get install apache2<\/code>
\napache2 -v<\/code>
\n2.2.22
\nThis version came out in January of 2012<\/p>\n
\nhttp:\/\/repogen.simplylinux.ch\/generate.php<\/p>\n","protected":false},"excerpt":{"rendered":"