Apache HTTP Server is an open-source web server platform leveraged by a number of applications within the bank. This article will outline the steps to install, configure and harden a zero-footprint instance of Apache 2.x.
Initial Installation
The first step is to retrieve the source files from Apache. Sine we are primarily using Unix-based systems, we will grab the bzip2 compressed file, but the steps would be similar on Linux using a gunzip archive.
wget http://archive.apache.org/dist/httpd/httpd-2.2.32.tar.bz2 [ -e use-proxy=yes -e http_proxy=server/IP:port
Next we unpack the archive
bzip2 -d httpd-2.2.32.tar.bz2 tar -xvf httpd-2.2.32.tar
For our purposes, one of the first levels of hardening comes during our initial setup phase. This is achieved by compiling our new Apache instance with only the static modules that we require. The following command is good starting point; the enable-mods-shared=few will compile Apache with the bare minimum DSOs and other modules are enabled/disabled as needed. A complete list of modules can be found here Apache 2.2 Modules. The --prefix switch allows as to specify the custom install directory for Apache. Further configuration options can be viewed here Apache Configuration Options.
References
http://httpd.apache.org/docs/2.0/install.html - Official instructions.