Difference between revisions of "Security"

From Anarchaserver
Line 4: Line 4:


* Open up /etc/apache2/conf.d/security
* Open up /etc/apache2/conf.d/security
* Current setting is "ServerTokens OS". I recommend setting it to "Prod"?
* Set ''ServerTokens OS'' to ''Prod''.
* ServerSignature is On. I recommend turning it Off.
* Turn ''ServerSignature'' to ''Off''.
* Restart Apache web server.
* Restart Apache web server.



Revision as of 12:44, 27 September 2015

Bogus http requests

Hackers can send bogus http requests to get the server to generate error pages because the information about the server OS and web server version can be useful to them. The information given out by the server seems not sufficiently reduced. Its not a good idea to broadcast the versions of software your running. While it doesn't make your server any more secure, it may make you less of a target. See http://helpinlinux.com/apache-server-tokens/

  • Open up /etc/apache2/conf.d/security
  • Set ServerTokens OS to Prod.
  • Turn ServerSignature to Off.
  • Restart Apache web server.

iptables

fail2ban

network wrappers (PAM)