Hi All Question: what is the best way to upgrade to openssl 0.9.8g ? Can i replace original "openssl 0.9.8e" that is in ISPConfig tar with "opensssl 0.9.8g" and ISPconfig installations script (?) and re-run the ./setup instead of compiling Apache and PHP and everything again? ISPconfig seems not to look for en existing "openssl 0.9.8g" installed but it installs its own 0.9.8e at this point i have no clients on the system. (ununtu 7.10+ perfect server instructions + openssl 0.9.8g!) output from 'nmap -A -T4 localhost' and main html on isp1.bogdans.net report below Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu 6.3 mod_ssl/2.2.4 OpenSSL/0.9.8e Server at isp1.bogdans.net Port 80 appreciate help Bogs
This is the output of your main Apache. ISPConfig comes with its own Apache (on port 81 for serving the ISPConfig web interface) that has nothing to do with your main Apache. This means you can use your distribution's package manager to update the OpenSSL version used by your main Apache.
Thanks for reply Falco Before i proceed to my issue, i had a difficult time with logins, during the time i write the post the Firefox logs me out and when i login the page displays that ´Is it an invalid thread, please notify administrator ' so i do. Yes, it was a web stat please look at the output from ´nmap -A -T4 localhost' below on port 80, 443 also 81 shows apache but not openssl version but in the souce it shows ´openssl-0.9.8e´ I just thought that you had all the latest version bundled up. I constantly worry that some one can hack the system if it is not upto date, but at this point in time I have a router in front of the ISP box, ...... ALSO note the PHP version which is not the one you bundling up with ISPconfig (php 525). So to upgrade versions for ISPconfig to use them I have to to install all the packages in the correct order, as in - opessl, then modssl, then php5.2.5, and so on ending with apache? Thanks for future reply ------------------- OS and Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ . Nmap finished: 1 IP address (1 host up) scanned in 25.112 seconds root@isp1:/# nmap -A -T4 localhost Starting Nmap 4.20 ( http://insecure.org ) at 2008-03-11 00:46 EST Interesting ports on localhost (127.0.0.1): Not shown: 1682 closed ports PORT STATE SERVICE VERSION 21/tcp open ftp ProFTPD 22/tcp open ssh OpenSSH 4.6p1 Debian 5ubuntu0.1 (protocol 2.0) 25/tcp open smtp Postfix smtpd 53/tcp open domain 80/tcp open http Apache httpd 2.2.4 ((Ubuntu) PHP/5.2.3-1ubuntu6.3 mod_ssl/2.2.4 OpenSSL/0.9.8e) 81/tcp open http Apache httpd 110/tcp open pop3 Courier pop3d 143/tcp open imap Courier Imapd (released 2005) 443/tcp open http Apache httpd 2.2.4 ((Ubuntu) PHP/5.2.3-1ubuntu6.3 mod_ssl/2.2.4 OpenSSL/0.9.8e) 631/tcp open ipp CUPS 1.2 953/tcp open rndc? 993/tcp open ssl/unknown 995/tcp open ssl/unknown 3306/tcp open mysql MySQL 5.0.45-Debian_1ubuntu3.1-log 5432/tcp open postgresql PostgreSQL DB No exact OS matches for host (If you know what OS is running on it, see http://insecure.org/nmap/submit/ ). TCP/IP fingerprint:
ISPConfig's Apache is configured to show as few details as possible. I'd just wait for the next ISPConfig version and then install that.