Security Basics mailing list archives

Re: securing linux webserver?

From: "AragonX" <aragonx () dcsnow com>
Date: Tue, 1 Mar 2005 20:07:38 -0500 (EST)

<quote who="Eduardo Kienetz">

Also, block the disclosure of application versions:
Apache x.xx (i.e. when you try to access a page tat does not exist is
shows: "Apache/1.3.xx Server at xxxxx.com Port 80")


For apache, change your /etc/httpd/conf/httpd.conf file.

ServerTokens OS

should be changed to

ServerTokens Prod.

Don't forget to hide Sendmail information also.  I used this site:

http://homepage.mac.com/felipe_alfaro/iblog/B1004527421/C406641880/E2004287443/

Current thread:

securing linux webserver? Kurt Leum (Feb 28)
- Re: securing linux webserver? Alejandro Flores (Mar 01)
- Re: securing linux webserver? John Doe (Mar 01)
  - Re: securing linux webserver? Aman Raheja (Mar 01)
    - Re: securing linux webserver? Hamish Stanaway (Mar 03)
  - Re: securing linux webserver? Eduardo Kienetz (Mar 01)
    - Re: securing linux webserver? AragonX (Mar 02)
  - Re: securing linux webserver? xyberpix (Mar 01)
- Re: securing linux webserver? Hecber Cordova (Mar 01)
  - Re: securing linux webserver? Marco (Mar 01)
- Re: securing linux webserver? Hecber Cordova (Mar 02)
- Re: securing linux webserver? David Glosser (Mar 03)
- <Possible follow-ups>
- Re: securing linux webserver? Ivan Coric (Mar 01)
- RE: securing linux webserver? Smith, Ryan (Mar 01)
- Re: securing linux webserver? Kurt Leum (Mar 02)