killapache対策 - サーバ管理

巷が騒がしいと思ったら、apacheに対するDoS系の脆弱性 (CVE-2011-3192) が発見されて、killapacheなるスクリプトが出回っている。対象は、２系で1.3系は、大丈夫とのこと。(http://people.apache.org/~dirkx/CVE-2011-3192.txt)

ご丁寧に、YouTube（http://www.youtube.com/watch?v=K13nutRdlvE）などにやり方が載っていたりします。

centos5を使っている人は、cento5.6のcrリポジトリに最新版のhttpdがアップされているので、yumで簡単にアップグレードできます。

crリポジトリは、ｃｒの説明とｃｒのインストールを見てください。

# yum update

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

* base: ftp.nara.wide.ad.jp

* extras: ftp.nara.wide.ad.jp

* updates: ftp.nara.wide.ad.jp

base | 2.1 kB 00:00

cr | 1.9 kB 00:00

cr/primary_db | 311 kB 00:00

extras | 2.1 kB 00:00

updates | 1.9 kB 00:00

Setting up Update Process

Resolving Dependencies

--> Running transaction check

---> Package curl.x86_64 0:7.15.5-9.el5_7.4 set to be updated

---> Package dhclient.x86_64 12:3.0.5-29.el5_7.1 set to be updated

---> Package dovecot.x86_64 0:1.0.7-7.el5_7.1 set to be updated

---> Package ecryptfs-utils.i386 0:75-5.el5_7.2 set to be updated

---> Package ecryptfs-utils.x86_64 0:75-5.el5_7.2 set to be updated

---> Package httpd.x86_64 0:2.2.3-53.el5.centos.1 set to be updated

---> Package httpd-devel.i386 0:2.2.3-53.el5.centos.1 set to be updated

---> Package httpd-devel.x86_64 0:2.2.3-53.el5.centos.1 set to be updated

---> Package openssh.x86_64 0:4.3p2-72.el5_7.5 set to be updated

---> Package openssh-clients.x86_64 0:4.3p2-72.el5_7.5 set to be updated

---> Package openssh-server.x86_64 0:4.3p2-72.el5_7.5 set to be updated

---> Package rsync.x86_64 0:3.0.6-4.el5_7.1 set to be updated

---> Package tzdata.x86_64 0:2011h-2.el5 set to be updated

---> Package yum-fastestmirror.noarch 0:1.1.16-16.el5.centos set to be updated

--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================================================================================

Package Arch Version Repository Size

=================================================================================================================================================================================

Updating:

curl x86_64 7.15.5-9.el5_7.4 cr 231 k

dhclient x86_64 12:3.0.5-29.el5_7.1 cr 286 k

dovecot x86_64 1.0.7-7.el5_7.1 cr 1.7 M

ecryptfs-utils i386 75-5.el5_7.2 cr 159 k

ecryptfs-utils x86_64 75-5.el5_7.2 cr 164 k

httpd x86_64 2.2.3-53.el5.centos.1 cr 1.2 M

httpd-devel i386 2.2.3-53.el5.centos.1 cr 151 k

httpd-devel x86_64 2.2.3-53.el5.centos.1 cr 151 k

openssh x86_64 4.3p2-72.el5_7.5 cr 289 k

openssh-clients x86_64 4.3p2-72.el5_7.5 cr 452 k

openssh-server x86_64 4.3p2-72.el5_7.5 cr 278 k

rsync x86_64 3.0.6-4.el5_7.1 cr 347 k

tzdata x86_64 2011h-2.el5 cr 781 k

yum-fastestmirror noarch 1.1.16-16.el5.centos cr 19 k

Transaction Summary

=================================================================================================================================================================================

Install 0 Package(s)

Upgrade 14 Package(s)

Total download size: 6.1 M

Is this ok [y/N]: y

Downloading Packages:

(1/14): yum-fastestmirror-1.1.16-16.el5.centos.noarch.rpm | 19 kB 00:00

(2/14): httpd-devel-2.2.3-53.el5.centos.1.x86_64.rpm | 151 kB 00:00

(3/14): httpd-devel-2.2.3-53.el5.centos.1.i386.rpm | 151 kB 00:01

(4/14): ecryptfs-utils-75-5.el5_7.2.i386.rpm | 159 kB 00:00

(5/14): ecryptfs-utils-75-5.el5_7.2.x86_64.rpm | 164 kB 00:00

(6/14): curl-7.15.5-9.el5_7.4.x86_64.rpm | 231 kB 00:00

(7/14): openssh-server-4.3p2-72.el5_7.5.x86_64.rpm | 278 kB 00:09

(8/14): dhclient-3.0.5-29.el5_7.1.x86_64.rpm | 286 kB 00:01

(9/14): openssh-4.3p2-72.el5_7.5.x86_64.rpm | 289 kB 00:00

(10/14): rsync-3.0.6-4.el5_7.1.x86_64.rpm | 347 kB 00:09

(11/14): openssh-clients-4.3p2-72.el5_7.5.x86_64.rpm | 452 kB 00:01

(12/14): tzdata-2011h-2.el5.x86_64.rpm | 781 kB 00:01

(13/14): httpd-2.2.3-53.el5.centos.1.x86_64.rpm | 1.2 MB 00:02

(14/14): dovecot-1.0.7-7.el5_7.1.x86_64.rpm | 1.7 MB 01:00

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Total 62 kB/s | 6.1 MB 01:40

Running rpm_check_debug

Running Transaction Test

Finished Transaction Test

Transaction Test Succeeded

Running Transaction

Updating : httpd 1/28

Updating : openssh 2/28

Updating : dovecot 3/28

Updating : curl 4/28

Updating : ecryptfs-utils 5/28

Updating : openssh-server 6/28

Updating : openssh-clients 7/28

Updating : dhclient 8/28

Updating : rsync 9/28

Updating : httpd-devel 10/28

Updating : httpd-devel 11/28

Updating : tzdata 12/28

Updating : yum-fastestmirror 13/28

Updating : ecryptfs-utils 14/28

Cleanup : yum-fastestmirror 15/28

Cleanup : ecryptfs-utils 16/28

Cleanup : openssh-server 17/28

Cleanup : rsync 18/28

Cleanup : httpd-devel 19/28

Cleanup : httpd-devel 20/28

Cleanup : dhclient 21/28

Cleanup : tzdata 22/28

Cleanup : openssh 23/28

Cleanup : curl 24/28

Cleanup : ecryptfs-utils 25/28

Cleanup : dovecot 26/28

Cleanup : openssh-clients 27/28

Cleanup : httpd 28/28

Updated:

curl.x86_64 0:7.15.5-9.el5_7.4 dhclient.x86_64 12:3.0.5-29.el5_7.1 dovecot.x86_64 0:1.0.7-7.el5_7.1 ecryptfs-utils.i386 0:75-5.el5_7.2

ecryptfs-utils.x86_64 0:75-5.el5_7.2 httpd.x86_64 0:2.2.3-53.el5.centos.1 httpd-devel.i386 0:2.2.3-53.el5.centos.1 httpd-devel.x86_64 0:2.2.3-53.el5.centos.1

openssh.x86_64 0:4.3p2-72.el5_7.5 openssh-clients.x86_64 0:4.3p2-72.el5_7.5 openssh-server.x86_64 0:4.3p2-72.el5_7.5 rsync.x86_64 0:3.0.6-4.el5_7.1

tzdata.x86_64 0:2011h-2.el5 yum-fastestmirror.noarch 0:1.1.16-16.el5.centos

Complete!

[root@www ~]#