How to maintain PCI compliance on a LAMP server when repositories don't keep up with versions

Posted by Jared Green on Server Fault See other posts from Server Fault or by Jared Green
Published on 2012-10-14T22:47:06Z Indexed on 2012/10/15 3:42 UTC
Read the original article Hit count: 425

Filed under:

php

|

repository

|

lamp

|

pci

We run Ubuntu Lucid 10.0.4 as the foundation of our LAMP environment. We are trying to become PCI compliant so that we can pass CC info through our server. We have run some third-party scans on our servers to begin the certification process and have run into errors regarding PHP 5 versions and Apache versions. The latest PHP version hosted in our official lucid repository is about 10 versions lower than what PCI compliance requires.

How do we upgrade to stay current with PCI compliance requirements?

We need to get from php 5.3.2 to php 5.3.15

As well as up to apache 2.2.23

I've searched far and wide for an answer and haven't come up with a realistic answer. Some recommend compiling manually - which sounds like a nightmare, and others recommend a PPA - which sounds insecure. What should we do?

© Server Fault or respective owner

Related posts about php

Magento, NGINX, PHP-FPM, APC, MEMCACHED, 16gb Ram CentOS, Spiking PHP-FPM to 100% CPU

as seen on Server Fault - Search for 'Server Fault'
I have been trying to resolve my issue of spiking cpu caused by php-fpm processes. I've reduced the php-fpm config settings to: pm = ondemand pm.max_children = 12 pm.start_servers = 2 pm.min_spare_servers = 2 pm.max_spare_servers = 10 pm.max_requests = 500 php_admin_value[memory_limit] = 128M Problem… >>> More
PHP Pear Installation on CentOS

as seen on Server Fault - Search for 'Server Fault'
[root@ip ~]# yum install php-pear* Reducing CentOS-5 Testing to included packages only Finished Setting up Install Process Package 1:php-pear-1.8.1-2.el5.centos.noarch already installed and latest versio … >>> More
Apache configurations for php "AddType text/html php" or "AddType application/x-httpd-php php .php"

as seen on Server Fault - Search for 'Server Fault'
I am taking over an application server and discover that it contain the following settings: AddType text/html php Although it works, but my understanding is that it should set as following: AddType application/x-httpd-php php .php What are the key differences between the two settings?… >>> More
mod_rewrite settings causes server to throw HTTP 500 errors instead of 404

as seen on Server Fault - Search for 'Server Fault'
Hello. I have a server with VBulletin forum (working under Apache 2.2, CentOS). The default settings for it in .htaccess are as follows: RewriteEngine on RewriteCond %{HTTP_HOST} ^gsmforum\.ru RewriteRule (.*) http://www.gsmforum.ru/$1 [R=301,L] # If you are having problems or are using VirtualDocumentRoot… >>> More
Problems installing Memcache (PECL extension)

as seen on Server Fault - Search for 'Server Fault'
I have installed memcached fine, and now I will need to install PECL extension memcache. Im running RedHat x86_64 es5. The installation gives me this: downloading memcache-2.2.6.tgz ... Starting to download memcache-2.2.6.tgz (35,957 bytes) ..........done: 35,957 bytes 11 source files, building running:… >>> More

Related posts about repository

apt-get install and update fail

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I've got a problem with apt-get update and apt-get install ... commands . every time update or installing fails and errors are : Get:1 http://dl.google.com stable Release.gpg [198B] Ign http://dl.google.com/linux/chrome/deb/ stable/main Translation-en_US Get:2 http://dl… >>> More
c#Repository pattern: One repository per subclass?

as seen on Stack Overflow - Search for 'Stack Overflow'
I am wondering if you would create a repository for each subclass of a domain model. There are two classes for example: public class Person { public virtual String GivenName { set; get; } public virtual String FamilyName { set; get; } public virtual String EMailAdress { set; get; } … >>> More
Converting mercurial repository to svn repository

as seen on Stack Overflow - Search for 'Stack Overflow'
I know you can convert svn repository to mercurial repository (or use mercurial as a client to svn repo) but what I want is to convert mercurial repository to svn repository. We have some tool that uses SVNKit, and we'd like to continue use it, but want to be able to work on mercurial repository… >>> More
How can I setup dependencies for Axis2 / Axiom on Maven2

as seen on Stack Overflow - Search for 'Stack Overflow'
I've tried the following settings on pom.xml to use Axis2 wsdl2code: <dependencies> <dependency> <groupId>org.apache.axis2</groupId> <artifactId>axis2</artifactId> <version>1.5.1</version> </dependency> </dependencies> ... <build> … >>> More
How to download complete maven remote repository to Local repository

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello , Is there any to get the entire remote repository , say from http://repo1.maven.org/maven2/ , to my local repository (to %USERPROFILE%)? Thanks in advance for the help. Srinivas N >>> More