Deprecated Linux settings to reinforce System Security (1)

Computers on the network can be easily scanned by hackers using tools or other means to find vulnerabilities in the system and then attack the vulnerabilities.

For HTTP Services

By analyzing the types of Web servers, We can roughly predict the types of operating systems. For example, in Windows, IIS is used to provide HTTP services, while in Linux, Apache is the most common.

There is no information protection mechanism in the default Apache configuration and directory browsing is allowed. You can obtain information similar to "Apache/1.3.27 Server at apache.linuxforum.net Port 80" or "Apache/2.0.49 (Unix) PHP/4.3.8" through directory browsing.

You can hide Apache Information by modifying the ServerTokens parameter in the configuration file. However, Apache running in Red Hat Linux is a compiled program, prompting that the information is compiled in the program. To hide the information, you need to modify the Apache source code, and then re-compile and install the program, to replace the prompt content.

Take Apache 2.0.50 as an example. Edit the ap_release.h file and change "# define AP_SERVER_BASEPRODUCT \" Apache \ "to" # define AP_SERVER_BASEPRODUCT \ "Microsoft-IIS/5.0 \"". Edit the OS/unix/OS. h file and change "# define PLATFORM \" Unix \ "to" # define PLATFORM \ "Win32 \"". After modification, recompile and install Apache.

After installing Apache, modify the httpd. conf configuration file, change "ServerTokens Full" to "ServerTokens Prod", change "ServerSignature On" to "ServerSignature Off", and then save the disk and exit. After restarting Apache, run a tool to scan and find that the operating system is Windows.