Developers Documentation



301 error for file:

User Tools

Site Tools

OS Identification

This entry from Security Metrics indicates that some risk may derived from knowing the version of the underlying operating system.

ClearCenter response

Short response

This issue does not present a tangible risk to the running system.

Long response

Knowing the server version does not present a specific risk. The argument is that it can be construed that knowledge of the type of server running will embolden a hacker into further investigation. It can also be construed that knowing the server version dissuades further investigation as this system receives timely updates.


No action required.

Optionally, if you want to remove the OS and version reported by your Apache Web Server, perform the following:

First, establish a baseline by looking at your own headers:

curl --head localhost

Next, modify the /etc/httpd/conf/httpd.conf file and change the following two lines:

ServerSignature On
Server Tokens OS


ServerSignature Off
Server Tokens Prod

(optional) … and while you are at it, close down php from revealing its version as well by modifying /etc/php.ini and changing:

expose_php = On

to this:

expose_php = Off

Restart the web service:

service httpd restart

Lastly, re-examine the reporting service:

curl --head localhost
content/en_us/kb_3rdparty_security_metrics_os_identification.txt · Last modified: 2015/01/29 09:46 (external edit)