Apache2 safety?
Joel Oliver
joelol75 at verizon.net
Sun Aug 3 18:29:36 UTC 2008
> Thanks, that is nice to hear. Is there anything else that needs fixing
> in the basic install to make things as safe as can be? I am running
> firestarter and only have port 80 open and a few others for torrents
> and what not. Port 22 is closed, sure gets hit a lot!
>
One thing I like to do is limit the server 'tokens'. It doesn't do much
for safety, but having the server report every enabled option and its
version along with your OS type and version is not a good idea IMO
(it makes scripted attacks that look at the header easy if an exploit
for a certain version/OS is found). You can see what I am talking
about if you go to http://www.grc.com/id/idserve.htm . This utility only
works in Windows though... I have never seen a Linux version and this
doesn't seem to work right in wine...
The section in the apache2.conf file is:
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Minor
I set mine to 'Minor', although for the truly paranoid 'Prod' would be better.
Also remove any symbolic links from the mods-enabled directory for
anything you will not use... And I usually have to enable the mod for
ssl (for https: access).
A quicker way to manage these symbolic links is the a2enmod and
a2dismod commands.
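Added example, not from the original post: a small POSIX sh script that takes the value of a Server response header (what the idserve utility above would show you) and reports which ServerTokens level produced it, so the check can be done from Linux; the header values and version numbers in it are constructed samples.

```shell
#!/bin/sh
# Added example: map an Apache "Server:" header value back to the ServerTokens
# level that produced it. Pure POSIX sh, no network; sample values are constructed.

# Echo the ServerTokens level (Prod|Major|Minor|Minimal|OS|Full) or Unknown.
server_token_level() {
    hdr=$1
    case "$hdr" in
        Apache)   echo Prod;    return 0 ;;
        Apache/*) ;;
        *)        echo Unknown; return 0 ;;
    esac
    product=${hdr%% *}          # first token, e.g. "Apache/2.2.9"
    rest=${hdr#"$product"}      # whatever follows it, e.g. " (Ubuntu) PHP/5.2.6"
    rest=${rest# }
    if [ -n "$rest" ]; then
        case "$rest" in
            \(*\)) echo OS ;;   # only the OS comment follows the version
            *)     echo Full ;; # OS comment plus compiled-in module tokens
        esac
        return 0
    fi
    case "${product#Apache/}" in
        *.*.*) echo Minimal ;;  # major.minor.patch
        *.*)   echo Minor ;;    # major.minor
        *)     echo Major ;;    # major only
    esac
}

# Numeric rank of a level: higher means more information disclosed.
token_rank() {
    case "$1" in
        Prod) echo 0 ;; Major) echo 1 ;; Minor) echo 2 ;;
        Minimal) echo 3 ;; OS) echo 4 ;; Full) echo 5 ;;
        *) echo 6 ;;            # unrecognised format: treat as worst case
    esac
}

# Succeed (exit 0) when the header reveals more than the given level allows.
# Usage: header_exceeds "Apache/2.2.9 (Ubuntu)" Minor
header_exceeds() {
    [ "$(token_rank "$(server_token_level "$1")")" -gt "$(token_rank "$2")" ]
}

# Demo over constructed header values (version numbers are made up).
for h in "Apache" "Apache/2.2" "Apache/2.2.9 (Ubuntu)" "Apache/2.2.9 (Ubuntu) PHP/5.2.6"; do
    printf '%-36s -> %s\n' "$h" "$(server_token_level "$h")"
done
```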