I want to change/lessen the number of default modules built with Apache
and would prefer to not have to recompile Apache, separate from the rest
of the userland, every time I update/upgrade my system.
I'm currently running 4.1 and am running the stock install of Apache,
for which "httpd -l" reports:
Compiled-in modules:
http_core.c
mod_env.c
mod_log_config.c
mod_mime.c
mod_negotiation.c
mod_status.c
mod_include.c
mod_autoindex.c
mod_dir.c
mod_cgi.c
mod_asis.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_access.c
mod_auth.c
mod_so.c
mod_setenvif.c
mod_keynote.c
mod_ssl.c
suexec: disabled; invalid wrapper /usr/sbin/suexec
I would much prefer to have all of my modules dynamic and use AddModule
commands in the httpd.conf file if possible.
The question is, can I put configure commands for Apache in the mk.conf
file and then when i update/upgrade/rebuild userland, apache will be
built that way from then on? If so, clues or pointers to help would be
greatly appreciated.
I did read the mk.conf man page but it left me more befuddled than
before reading, at least as far as the scope of httpd or any other
programs (named, dhcpd, etc.) are concerned.
If I am way off base on this, which is a good possibility, is there some
way I can accomplish what I'm after in another way, and subsequently,
where would I look to get started on it?
Lastly, the logic behind this. I was reading a few tutorials/papers
http://www.securityfocus.com/infocus/1694
http://www.apachesecurity.net/download/apachesecurity-ch02.pdf
http://linuxplanet.com/linuxplanet/tutorials/1527/7/
and a couple of others, on hardening Apache, and it seemed the all-around
consensus was that the fewer modules compiled in, the better as far as
security is concerned. If these articles are incorrect, please inform
me of that as well.
Thanks in advance,
Aaron