Linux: Cut Down on the Information Leaked by Apache2 Webserver

It’s a given that information leakage in the form of server and module versions can seriously aid an attacker in compromising your server and / or web application. By cutting down the amount of information that your server freely surrenders you can make the attacker’s job that much harder – these very quick tips will do just that!

ServerTokens

In your /etc/apache2/conf.d/security file, look for “ServerTokens” and set the parameter to “Prod” – the Server response header will then identify the server software only, with no version numbers or extensions.

# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Prod

Description:

ServerTokens Prod[uctOnly]
    Server sends (e.g.): Server: Apache
ServerTokens Major
    Server sends (e.g.): Server: Apache/2
ServerTokens Minor
    Server sends (e.g.): Server: Apache/2.0
ServerTokens Min[imal]
    Server sends (e.g.): Server: Apache/2.0.41
ServerTokens OS
    Server sends (e.g.): Server: Apache/2.0.41 (Unix)
ServerTokens Full (or not specified)
    Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2

expose_php

In the same vein, we want to remove any information shown by the PHP install, which is done by setting the “expose_php” directive to “Off”.

Locate this in the /etc/php5/apache2/php.ini file and set accordingly:

; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header).  It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
expose_php = Off
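
To confirm both settings took effect after reloading Apache, check the response headers. The script below is an added example, not part of the original post: it reads raw response headers on stdin, infers which ServerTokens level the Server header corresponds to (using the table above) and flags a PHP X-Powered-By header. The function name audit_headers, the OK/LEAK output format and the sample responses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit response headers for the version leakage that
# ServerTokens and expose_php control. On a host you administer:
#   curl -sI http://localhost/ | audit_headers

audit_headers() {
    tr -d '\r' | awk '
    # Map a Server header value to the ServerTokens level that produces it.
    function tokens_level(v,    sp, rest, ver, n) {
        sp = index(v, " ")
        if (sp > 0) {                    # something follows the product token
            rest = substr(v, sp + 1)
            return (rest ~ /^\([^)]*\)$/) ? "OS" : "Full"
        }
        if (index(v, "/") == 0) return "Prod"
        ver = substr(v, index(v, "/") + 1)
        n = gsub(/\./, ".", ver)         # count the dots in the version
        return (n == 0) ? "Major" : (n == 1) ? "Minor" : "Minimal"
    }
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    {
        name = tolower($0)               # header names are case-insensitive
        if (name ~ /^server:/) {
            lvl = tokens_level(trim(substr($0, 8)))
            st = (lvl == "Prod") ? "OK" : "LEAK"
            print st " Server ServerTokens=" lvl
        } else if (name ~ /^x-powered-by:[ \t]*php/) {
            print "LEAK X-Powered-By expose_php=On"
        }
    }'
}

# Constructed sample responses: before and after applying both settings.
BEFORE='HTTP/1.1 200 OK
Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2
X-Powered-By: PHP/4.2.2'
AFTER='HTTP/1.1 200 OK
Server: Apache'

printf '%s\n' "$BEFORE" | audit_headers
printf '%s\n' "$AFTER" | audit_headers
```

The level is inferred from the header text only, so a reverse proxy that rewrites the Server header will hide what the backend is actually configured to send.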

Linux: Recursively FTP Directories from the CLI Using ‘wget’

So you want to recursively copy full FTP directory structures but don’t want to use a GUI client (or can’t)?

Everyone seems to resort to ‘mget’ or multiple-get on the command line but this does not do recursive copies.

The best way is to use wget which will do *exactly* what you want – copy the directories and store them in their original structure. This is incredibly easy to do as follows:

wget -r --user myusername --password mypassword ftp://ftp.mydomain.co.uk/mysite

You’ll see a bunch of entries – one for each file – as follows, showing that it’s working 🙂
--2013-11-16 12:36:48--  ftp://ftp.mydomain.co.uk/websites/testfile.txt

=> `ftp://ftp.mydomain.co.uk/websites/testfile.txt'
==> CWD not required.
==> PASV ... done.    ==> RETR testfile.txt ... done.
Length: 11897 (12K)

100%[==============================================================================>]
11,897      24.1K/s   in 0.5s

Checkpoint: Smartcenter Migration Tools – R65, R70, R71, R75, R76, R77

This page will be updated as new tools become available; please note that you need valid usercentre credentials to download the files.

R77 Migration Tools –  Gaia / SecurePlatform / Linux / Windows / Solaris

R76 Migration Tools – Windows / SecurePlatform / RHEL / Gaia / IPSO 6 / Solaris

R75 Migration Tools – Windows / SecurePlatform / Linux / IPSO 6 / Solaris
