Linux: Cut Down on the Information Leaked by Apache2 Webserver

It’s a given that information leakage in the form of server / mod versions can seriously aid an attacker in compromising your server and / or web application. By cutting down the amount of information that your server freely surrenders you can make the attacker’s job that much harder – these very quick tips will do just that!

ServerTokens

In your /etc/apache2/conf.d/security file, look for “ServerTokens” and set the parameter to “Prod” – this will identify the server software only, no versions, or extensions.

# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Prod

Description:

ServerTokens Prod[uctOnly]
Server sends (e.g.): Server: Apache
ServerTokens Major
Server sends (e.g.): Server: Apache/2
ServerTokens Minor
Server sends (e.g.): Server: Apache/2.0
ServerTokens Min[imal]
Server sends (e.g.): Server: Apache/2.0.41
ServerTokens OS
Server sends (e.g.): Server: Apache/2.0.41 (Unix)
ServerTokens Full (or not specified)
Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2

expose_php

In the same vein, we want to remove any information shown by the php install which is done by setting the “expose_php” directive to “Off”.

Locate this in the /etc/php5/apache2/php.ini file and set accordingly:

; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header).  It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
expose_php = Off

Linux: Recursively FTP Directories Using CLI Using ‘wget’

So you want to recursively copy full FTP directory structures but don’t want to use a GUI client (or can’t)?

Everyone seems to resort to ‘mget’ or multiple-get on the command line but this does not do recursive copies.

The best way is to use wget which will do *exactly* what you want – copy the directories and store them in their original structure. This is incredibly easy to do as follows:

wget -r --user myusername --password mypassword ftp://ftp.mydomain.co.uk/mysite

You’ll see a bunch of entries – one for each file – as follows, showing that it’s working 🙂
--2013-11-16 12:36:48--  ftp://ftp.mydomain.co.uk/websites/testfile.txt

=> `ftp://ftp.mydomain.co.uk/websites/testfile.txt'
==> CWD not required.
==> PASV ... done.    ==> RETR testfile.txt ... done.
Length: 11897 (12K)

100%[==============================================================================>]
11,897      24.1K/s   in 0.5s

Linux: Example Syntax for Secure Copy ‘scp’

Example syntax for Secure Copy scp

What is Secure Copy?

scp allows files to be copied to, from, or between different hosts. It uses ssh for data transfer and provides the same authentication and same level of security as ssh.

Examples

Copy the file “foobar.txt” from a remote host to the local host

$ scp your_username@remotehost.edu:foobar.txt /some/local/directory

Copy the file “foobar.txt” from the local host to a remote host

$ scp foobar.txt your_username@remotehost.edu:/some/remote/directory

Copy the directory “foo” from the local host to a remote host’s directory “bar”

$ scp -r foo your_username@remotehost.edu:/some/remote/directory/bar

Copy the file “foobar.txt” from remote host “rh1.edu” to remote host “rh2.edu”

$ scp your_username@rh1.edu:/some/remote/directory/foobar.txt \ your_username@rh2.edu:/some/remote/directory/

Copying the files “foo.txt” and “bar.txt” from the local host to your home directory on the remote host

$ scp foo.txt bar.txt your_username@remotehost.edu:~

Copy the file “foobar.txt” from the local host to a remote host using port 2264

$ scp -P 2264 foobar.txt your_username@remotehost.edu:/some/remote/directory

Copy multiple files from the remote host to your current directory on the local host

$ scp your_username@remotehost.edu:/some/remote/directory/\{a,b,c\} . $ scp your_username@remotehost.edu:~/\{foo.txt,bar.txt\} . scp

Source: Example syntax for Secure Copy scp.

Exit mobile version
%%footer%%