Find out which security patches are applied to Apache

On enterprise Linux (RHEL, CentOS, etc), many patches are backported to an otherwise older version number. To see which patches have been applied (in this example, to Apache), you can do:

rpm -q --changelog httpd
rpm -q --changelog apr

this may help for security scans, PCI compliance, etc.

Btw, a couple of other Apache-related things to do for security audits (by no means complete), are minimize Apache info to “Prod[uctOnly]“:

ServerTokens Prod

and turn off “TraceEnable

TraceEnable off

Leave a Reply