Disguise the illusion of Linux to enhance its own security

By disguising the Linux systemHackerSet the system illusion to increaseHackerThe difficulty of analyzing the system will lead them astray to further improve the security of computer systems. The following uses Red Hat Linux as an example.HackerThis section describes some common methods for disguising Linux systems.

For HTTP Services

By analyzing the types of Web servers, We can roughly predict the types of operating systems. For example, in Windows, IIS is used to provide HTTP services, while in Linux, Apache is the most common.


There is no information protection mechanism in the default Apache configuration and directory browsing is allowed. You can obtain information similar to "Apache/1.3.27 Server at apache.linuxforum.net Port 80" or "Apache/2.0.49 (Unix) PHP/4.3.8" through directory browsing.

You can hide Apache Information by modifying the ServerTokens parameter in the configuration file. However, Apache running in Red Hat Linux is a compiled program, prompting that the information is compiled in the program. To hide the information, you need to modify the Apache source code, and then re-compile and install the program, to replace the prompt content.

Take Apache 2.0.50 as an example. Edit the ap_release.h file and change "# define AP_SERVER_BASEPRODUCT Apache" to "# define AP_SERVER_BASEPRODUCT Microsoft-IIS/5.0 ". Edit the OS/unix/OS. h file and change "# define PLATFORM Unix" to "# define PLATFORM Win32 ". After modification, recompile and install Apache.

After installing Apache, modify the httpd. conf configuration file, change "ServerTokens Full" to "ServerTokens Prod", change "ServerSignature On" to "ServerSignature Off", and then save the disk and exit. After restarting Apache, run a tool to scan and find that the operating system is Windows.

For FTP services

Through the FTP service, you can also speculate on the operating system type. For example, in Windows, FTP services are mostly Serv-U, while in Linux, vsftpd, proftpd, and pureftpd are commonly used.

Take proftpd as an example. modify the configuration file proftpd. conf and add the following content:

ServerIdent on Serv-u ftp Server v5.0 for WinSock ready...

After the disk is exited, restart the proftpd service and log on to the FTP server with the prompt modified for testing:

C: \ ftp 192.168.0.1

Connected to 192.168.0.1.

220 Serv-u ftp Server v5.0 for WinSock ready...

User (192.168.0.1 :( none )):

331 Password required for (none ).

Password:

530 Login incorrect.

Login failed.

Ftp quit

221 Goodbye.

In this way, the server is a Windows running Serv-U.