Operation Manual

stating that the certicate does not match the server name every time they
visit the URL. A separate IP address or port is necessary for every SSL-enabled
domain to achieve communication based on a valid SSL certicate.
28.7 Avoiding Security Problems
A Web server exposed to the public Internet requires an ongoing administrative effort.
It is inevitable that security issues appear, both related to the software and to accidental
misconguration. Here are some tips for how to deal with them.
28.7.1 Up-to-Date Software
If there are vulnerabilities found in the Apache software, a security advisory will be
issued by SUSE. It contains instructions for fixing the vulnerabilities, which in turn
should be applied as soon as possible. The SUSE security announcements are available
from the following locations:
Web Page      http://www.novell.com/linux/security/securitysupport.html
Mailing List  http://en.opensuse.org/openSUSE:Support_channels
RSS Feed      http://www.novell.com/linux/security/suse_security.xml
28.7.2 DocumentRoot Permissions
By default in openSUSE, the DocumentRoot directory /srv/www/htdocs and
the CGI directory /srv/www/cgi-bin belong to the user and group root. You
should not change these permissions. If the directories were writable for all, any user
could place les into them. These les might then be executed by Apache with the
permissions of wwwrun, which may give the user unintended access to le system re-
sources. Use subdirectories of /srv/www to place the DocumentRoot and CGI di-
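
A way to check a web tree for the two conditions described in 28.7.2 (entries writable for all, and entries not owned by the expected account). This is an added example, not part of the original manual; the function name audit_webroot and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example: audit a web tree for world-writable or unexpectedly owned entries.
# audit_webroot DIR [OWNER]   (OWNER defaults to root, the openSUSE default)
# Prints one finding per line; returns 0 = clean, 1 = findings, 2 = DIR missing.
audit_webroot() {
    dir=$1
    owner=${2:-root}
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi
    findings=$(
        # Anything writable by "other": any local user could place files here.
        # Symlinks are skipped because their own mode bits are not enforced.
        find "$dir" ! -type l -perm -0002 -exec printf 'WORLD-WRITABLE %s\n' {} \;
        # Anything not owned by the expected account (for example wwwrun itself).
        find "$dir" ! -user "$owner" -exec printf 'UNEXPECTED-OWNER %s\n' {} \;
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage: sh audit_webroot.sh /srv/www/htdocs /srv/www/cgi-bin
if [ "$#" -gt 0 ]; then
    status=0
    for d in "$@"; do
        audit_webroot "$d" || status=1
    done
    exit "$status"
fi
```

A non-zero exit status makes the script usable from cron or a configuration-management check.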