Re: [EMAIL PROTECTED] RSS of Apache Processes
On Sat 12 Jan 2008, Graham Frank wrote: > Correct me if I'm wrong, but should RLimitMem help prevent the RSS value > > >from going insane? I disabled my Perl script on one of the web servers > > today, and after 11 hours each process got up to a RSS of 550MB each. http://httpd.apache.org/docs/2.2/mod/core.html#rlimitmem says: "This applies to processes forked off from Apache children servicing requests, not the Apache children themselves. This includes CGI scripts and SSI exec commands, but not any processes forked off from the Apache parent such as piped logs." Does that help? Torsten -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Is Apache2.2 FIPS compliant?
Please let me know if anybody have any idea of Apache2.2 being FIPS compliant? Thanks in advance Robin Gandhi -- View this message in context: http://www.nabble.com/Is-Apache2.2-FIPS-compliant--tp14774125p14774125.html Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Is Apache2.2 FIPS compliant?
On Jan 12, 2008 3:34 PM, robingandhi21 <[EMAIL PROTECTED]> wrote: > > Please let me know if anybody have any idea of Apache2.2 being FIPS > compliant? > FIPS deals with encryption standards, not http service. Certain versions of OpenSSL are FIPS compliant, so as long as you use a certified version of OpenSSL in Apache, I suppose you are compliant. --Victor -- http://www.victortrac.com - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Is Apache2.2 FIPS compliant?
Victor Trac wrote: > On Jan 12, 2008 3:34 PM, robingandhi21 <[EMAIL PROTECTED]> wrote: >> Please let me know if anybody have any idea of Apache2.2 being FIPS >> compliant? > FIPS deals with encryption standards, not http service. Certain > versions of OpenSSL are FIPS compliant, so as long as you use a > certified version of OpenSSL in Apache, I suppose you are compliant. That's not completely true. There is some requirement that the apps that use the cryptographic modules use them in "the right way". So its not just a matter of slapping a certified OpenSSL in there. Alas, I don't know specifics of what "the right way" consists of...the office of our security-focused guy that really knows this stuff shares a wall with mine, but its not me, so I'm not up on all the specifics. -- Jeff McAdams "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin signature.asc Description: OpenPGP digital signature
Re: [EMAIL PROTECTED] Is Apache2.2 FIPS compliant?
On Jan 12, 2008 10:08 AM, Jeff McAdams <[EMAIL PROTECTED]> wrote: > Victor Trac wrote: > > On Jan 12, 2008 3:34 PM, robingandhi21 <[EMAIL PROTECTED]> wrote: > >> Please let me know if anybody have any idea of Apache2.2 being FIPS > >> compliant? > > > FIPS deals with encryption standards, not http service. Certain > > versions of OpenSSL are FIPS compliant, so as long as you use a > > certified version of OpenSSL in Apache, I suppose you are compliant. > > That's not completely true. > > There is some requirement that the apps that use the cryptographic > modules use them in "the right way". So its not just a matter of > slapping a certified OpenSSL in there. Alas, I don't know specifics of > what "the right way" consists of...the office of our security-focused > guy that really knows this stuff shares a wall with mine, but its not > me, so I'm not up on all the specifics. There were people working on a certified Apache httpd + OpenSSL. I'm not sure what the result was, but searching the archives of the [EMAIL PROTECTED] list for FIPS will surely turn up something useful. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Is Apache2.2 FIPS compliant?
Robin, On Jan 12, 2008, at 6:34 AM, robingandhi21 wrote: Please let me know if anybody have any idea of Apache2.2 being FIPS compliant? By itself, no. Apache does not do anything special for key management or access control to key material. However, Apache can use a FIPS 140 certified Hardware Security Module like nCipher's nShield card and use keys protected by its Security World. This will make you FIPS 140-2 Level 2 or 3 compliant. Note: I work for nCipher. Let me know if you'd like more information about using hardware-protected keys. Sander -- Sander Temme [EMAIL PROTECTED] PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
RE: [EMAIL PROTECTED] RSS of Apache Processes
Yeah, I read that part. But, I could always hope that the documentation was wrong. Haha. This is just mind-numbingly annoying. Graham Frank Neoservers LLC Founder and Owner Ph: (608) 359-1593 Member of the Better Business Bureau -Original Message- From: Torsten Foertsch [mailto:[EMAIL PROTECTED] Sent: Saturday, January 12, 2008 4:59 AM To: users@httpd.apache.org Cc: Graham Frank Subject: Re: [EMAIL PROTECTED] RSS of Apache Processes On Sat 12 Jan 2008, Graham Frank wrote: > Correct me if I'm wrong, but should RLimitMem help prevent the RSS value > > >from going insane? I disabled my Perl script on one of the web servers > > today, and after 11 hours each process got up to a RSS of 550MB each. http://httpd.apache.org/docs/2.2/mod/core.html#rlimitmem says: "This applies to processes forked off from Apache children servicing requests, not the Apache children themselves. This includes CGI scripts and SSI exec commands, but not any processes forked off from the Apache parent such as piped logs." Does that help? Torsten -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] httpd 2.2.6 build problems on Solaris 10
I am having some problems building httpd 2.2.6 on Solaris 10. I am using the Sun supplied gcc version 3.4.3, and GNU make ver 3.80. I have build many httpd 2.0.xx's on this system, and am currently trying to move to the 2.2.x builds. I did do some Yahoo and Google searches to RTFM. I did turn up a couple of similar issues, but no one shared a resolution. my make output is below. TIA for any positive suggestions, Jerry K === make[3]: Leaving directory `/usr/local/src/h/httpd-2.2.6/modules/mappers' make[2]: Leaving directory `/usr/local/src/h/httpd-2.2.6/modules/mappers' make[1]: Leaving directory `/usr/local/src/h/httpd-2.2.6/modules' Making all in support make[1]: Entering directory `/usr/local/src/h/httpd-2.2.6/support' make[2]: Entering directory `/usr/local/src/h/httpd-2.2.6/support' /usr/local/src/h/httpd-2.2.6/srclib/apr/libtool --silent --mode=link gcc -g -O2 -L/usr/local/lib -R/usr/local/lib -lc -o htpasswd htpasswd.lo -lm /usr/local/src/h/httpd-2.2.6/srclib/pcre/libpcre.la /usr/local/src/h/httpd-2.2.6/srclib/apr-util/libaprutil-1.la -lexpat -liconv /usr/local/src/h/httpd-2.2.6/srclib/apr/libapr-1.la -luuid -lsendfile -lrt -lsocket -lnsl -lpthread /usr/local/src/h/httpd-2.2.6/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /usr/local/src/h/httpd-2.2.6/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /usr/local/src/h/httpd-2.2.6/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /usr/local/src/h/httpd-2.2.6/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /usr/local/src/h/httpd-2.2.6/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /usr/local/src/h/httpd-2.2.6/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' collect2: ld returned 1 exit status make[2]: *** [htpasswd] Error 1 make[2]: Leaving directory `/usr/local/src/h/httpd-2.2.6/support' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/usr/local/src/h/httpd-2.2.6/support' - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
