Difference between revisions of "Security"

From Anarchaserver
Line 4: Line 4:


* Open up /etc/apache2/conf.d/security
* Open up /etc/apache2/conf.d/security
* Current setting is "ServerTokens OS". This will give out the web server
* Current setting is "ServerTokens OS". I recommend setting it to "Prod"?
version and the operating system version. I recommend setting it to "Prod"?
* ServerSignature is On. I recommend turning it Off.
* ServerSignature is On. I recommend turning it off.
* Restart Apache web server.
* Restart Apache web server.


Revision as of 22:38, 23 September 2015

Bogus http requests

Hackers can send bogus http requests to get the server to generate error pages because the information about the server OS and web server version can be useful to them. The information given out by the server seems not sufficiently reduced. Its not a good idea to broadcast the versions of software your running. While it doesn't make your server any more secure, it may make you less of a target. See http://helpinlinux.com/apache-server-tokens/

  • Open up /etc/apache2/conf.d/security
  • Current setting is "ServerTokens OS". I recommend setting it to "Prod"?
  • ServerSignature is On. I recommend turning it Off.
  • Restart Apache web server.

iptables

fail2ban

network wrappers (PAM)

Retrieved from "https://alexandria.anarchaserver.org/index.php?title=Security&oldid=188"