linux

How to improve Apache 2.x web server security: disabling headers

To increase the security of your Apache web server you should disable the Apache headers, as they contain a lot of sensitive information about the OS, the version of Apache, modules and other installed software.

This information exposes the system to potential security holes, because knowing the version of the software also makes it possible to know which bugs affect it.

To disable the headers from Apache 2.x, we must enable and set the two directives:

  • ServerTokens
  • ServerSignature

On Apache 2.x built from sources with ./configure --prefix=/usr/local/apache2:

Edit the file /usr/local/apache2/conf/extra/httpd-default.conf and set:

ServerTokens Prod

and then

ServerSignature Off

Edit the file /usr/local/apache2/conf/httpd.conf and uncomment the directive:

# Various default settings
Include conf/extra/httpd-default.conf

Restart Apache

/usr/local/apache2/bin/apachectl restart

On Debian 6 squeeze, with Apache 2.x installed from packages:

Edit the file /etc/apache2/conf.d/security and edit existing directives like the following:

ServerTokens Prod
ServerSignature Off

Restart Apache

/etc/init.d/apache2 restart

Headers are now disabled and security is improved. If you want to check the actual headers, you can install a Google Chrome plugin or a Firefox add-on.
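The following script is an added example, not part of the original post: it reads the effective ServerTokens and ServerSignature values from a config file and tests whether a Server: header still discloses version details. The function names and the sample config are constructed for illustration, and the script audits a single file without following Include directives.

```shell
#!/bin/sh
# Added example: audit Apache banner settings. Sample inputs are constructed.

# Print the effective value of directive $2 in config file $1.
# Directive names are case-insensitive; a later line overrides an earlier one.
effective_directive() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ { next }                 # skip commented-out lines
        tolower($1) == want { val = $2 }    # remember the last occurrence
        END { print val }
    ' "$1"
}

# Return 0 if the file yields the hardened values from the article, 1 otherwise.
# Absent directives fall back to Apache defaults: ServerTokens Full, ServerSignature Off.
audit_banner_config() {
    tokens=$(effective_directive "$1" ServerTokens)
    sig=$(effective_directive "$1" ServerSignature)
    rc=0
    case "$(printf '%s' "${tokens:-Full}" | tr '[:upper:]' '[:lower:]')" in
        prod|productonly) ;;
        *) echo "WEAK: ServerTokens ${tokens:-Full (default)}"; rc=1 ;;
    esac
    case "$(printf '%s' "${sig:-Off}" | tr '[:upper:]' '[:lower:]')" in
        off) ;;
        *) echo "WEAK: ServerSignature $sig"; rc=1 ;;
    esac
    return $rc
}

# Return 0 if a "Server:" header line still discloses version, OS or module details.
# With ServerTokens Prod the header value is just "Apache".
server_header_leaks() {
    value=$(printf '%s' "$1" | sed 's/^[Ss]erver:[ ]*//' | tr -d '\r')
    printf '%s\n' "$value" | grep -Eq '[/0-9(]'
}

# Demo on a constructed config file (not taken from a real host).
demo=$(mktemp)
printf '%s\n' '# ServerTokens Prod' 'ServerTokens OS' 'ServerSignature On' > "$demo"
audit_banner_config "$demo" || echo "config needs hardening"
rm -f "$demo"
```

To check a running server, pass the Server: line printed by `curl -sI http://localhost/` to server_header_leaks.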

How to set up Static IP Address on Debian 6 squeeze

Setting a static IP on Debian is very simple: just edit the file /etc/network/interfaces.

During installation, if the network settings were not changed, the interfaces file is configured in DHCP mode, and looks like this:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp

To set the static IP address, you need to edit the "# The primary network interface" section like this:

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 192.168.0.100
gateway 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255

IMPORTANT: The values shown, like the interface eth0, are just examples; replace them with those of your network configuration.

From a shell, as root (if you are a normal user, put sudo before each command), restart the network service with this command line:

~# /etc/init.d/networking restart

Yes, as the warning says, restart is deprecated: don't worry, the service will restart correctly.

or better:

~# ifdown eth0 && ifup eth0

We're done.
