Difference between revisions of "Security"

From Anarchaserver
(Created page with "=== Bogus http requests === Hackers can send bogus http requests to get the server to generate error pages because the information about the server OS and web server version ...")
 
Line 1: Line 1:
=== Bogus http requests ===
=== Bogus http requests ===


Hackers can send bogus http requests to get the server to generate error pages because the information about the server OS and web server version can be useful to them. The information given out by the server seems not sufficiently reduced. Its not a good idea to broadcast the versions of software your running. While it doesn't make your server any more secure, it may make you less of a target.
Hackers can send bogus http requests to get the server to generate error pages because the information about the server OS and web server version can be useful to them. The information given out by the server seems not sufficiently reduced. Its not a good idea to broadcast the versions of software your running. While it doesn't make your server any more secure, it may make you less of a target. See http://helpinlinux.com/apache-server-tokens/
 
Settings for that are in <code>/etc/apache2/conf.d/security</code>
 
See http://helpinlinux.com/apache-server-tokens/


* Open up /etc/apache2/conf.d/security
* Current setting is "ServerTokens OS". This will give out the web server
* Current setting is "ServerTokens OS". This will give out the web server
version and the operating system version. I recommend setting it to "Prod"?
version and the operating system version. I recommend setting it to "Prod"?
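Review bot: the "ServerTokens OS" list item is split over two source lines ("* Current setting is ... the web server" and "version and the operating system version. ..."), and a MediaWiki "*" item ends at the line break, so the second half renders as a stray paragraph outside the list; join the item onto one line. The recommendation in the same item ends in a question mark ("I recommend setting it to "Prod"?"); either state it as a recommendation or say what is still undecided, so a reader applying the steps knows which value to set.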

Revision as of 22:37, 23 September 2015

Bogus http requests

Hackers can send bogus HTTP requests to make the server generate error pages, because the information those pages give about the server OS and web server version can be useful to them. The information given out by the server does not seem to be sufficiently reduced. It's not a good idea to broadcast the versions of the software you're running. While hiding them doesn't make your server any more secure, it may make you less of a target. See http://helpinlinux.com/apache-server-tokens/

  • Open up /etc/apache2/conf.d/security
  • Current setting is "ServerTokens OS". This will give out the web server version and the operating system version. I recommend setting it to "Prod"?

  • ServerSignature is On. I recommend turning it off.
  • Restart Apache web server.
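
One way to check the result of the steps above, as an added example that is not part of the original wiki page: it reads the text of an Apache config file, reports whether ServerTokens and ServerSignature still disclose details, and checks a Server response header value. The function names, the sample config text and the sample header value are constructed for illustration; the check looks at one file only and ignores included files and per-vhost overrides.

```python
import re

# Defaults per the Apache httpd documentation: ServerTokens Full, ServerSignature Off.
DEFAULTS = {"servertokens": "Full", "serversignature": "Off"}
DIRECTIVE = re.compile(r"^\s*(ServerTokens|ServerSignature)\s+(\S+)", re.IGNORECASE)


def effective_settings(conf_text):
    """Return the last uncommented value of each directive in this file
    (assumption: no Include files or per-vhost overrides are considered)."""
    settings = dict(DEFAULTS)
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)  # lines starting with '#' do not match
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def findings(conf_text):
    """List the settings that still disclose version or OS details."""
    s = effective_settings(conf_text)
    out = []
    if s["servertokens"].lower() not in ("prod", "productonly"):
        out.append(f"ServerTokens {s['servertokens']} -> set to Prod")
    if s["serversignature"].lower() != "off":
        out.append(f"ServerSignature {s['serversignature']} -> set to Off")
    return out


def header_leaks(server_header):
    """True if a Server: header value carries a version number or an OS comment."""
    return bool(re.search(r"/\d|\(.+\)", server_header))


# Constructed sample inputs: the state described on the page, and the recommended one.
BEFORE = """\
# ServerTokens Prod
ServerTokens OS
ServerSignature On
"""
AFTER = "ServerTokens Prod\nServerSignature Off\n"

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, findings(conf) or "ok")
    # Constructed header values, before and after the change
    print(header_leaks("Apache/2.4.10 (Debian)"), header_leaks("Apache"))
```
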

iptables

fail2ban

network wrappers (PAM)