Developers Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


Apache Banner Linux Distribution Disclosure

This entry from Security Metrics indicates that the Apache service shows what operating system you are running.

ClearCenter response

Short response

Knowing the version of the operating system running is not a vulnerability.

Long response

While knowing the version of a flawed and non-up-to-date operating system is an advantage to a hacker, knowing that an operating system is an automatically updated OS which is known for timely fixes and updates is NOT an advantage but rather a deterrent to further investigation.

Resolution

No action required.

If you want to obfuscate your OS in Apache, you can perform the following:

First, establish a baseline by looking at your own headers:

curl --head localhost

Next, modify the /etc/httpd/conf/httpd.conf file and change the following two lines:

ServerSignature On
Server Tokens OS

to:

ServerSignature Off
Server Tokens Prod

(optional) … and while you are at it, close down php from revealing its version as well by modifying /etc/php.ini and changing:

expose_php = On

to this:

expose_php = Off

Restart the web service:

service httpd restart

Lastly, re-examine the reporting service:

curl --head localhost
content/en_us/kb_3rdparty_security_metrics_apache_banner_linux_distribution_disclosure.txt · Last modified: 2015/01/29 09:32 (external edit)

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3Akb_3rdparty_security_metrics_apache_banner_linux_distribution_disclosure&1711660075