1. Hide Server System Information
By default, When you log on to the Linux system, it will tell you the name, version, kernel version, and server name of the Linux release. To prevent the default information from being leaked, we need to perform the following operations to display only one "login:" prompt.
Delete the/etc/issue and/etc/issue.net files.
Enter the user name and password in the/etc/issue file. You can also write other information in this file.
/Etc/issue.net is the information displayed for telnet remote login. By default, the content is the same as/etc/issue. However, it seems that no one is using it now!
Next I will briefly understand some of the Code meanings in the issue file.
\ D Date of the local end time; \ L display the terminal interfaces; \ m display hardware level (i386/i38/ i586/i686 ...); \ n displays the host's network name; \ O displays the domain name; \ r job system version (equivalent to uname-R) \ t displays the local time; \ s job system name; \ v job system version.
Here, by the way, the information modification method displayed after logging on to the system (PS: if the system has reached this step, it is already known as someone else's bot !).
After logging on to the system, the information is written in the/etc/motd file, which is empty by default. You can write the information you want to display here.
2. Common service software version information shielding
The above explains how to shield the server information, so how can I hide the software version information that provides services on the server? The following describes several common service software version information shielding.
First, we will introduce a command.
Curl -- head http: // localhost: view the information about the HTTP service provided by the server. Here, what program is your HTTP and which version is like Server: nginx/0.8.36 and related PHP information X-powered-by: PHP/5.2.14
The following describes how to hide the information.
Hide apache version information:
Start httpd. conf and add the following two lines: ServerTokens productonlyserversignature off
Hide nginx version information:
Enable nginx. conf and add server_tokens off to HTTP;
Hide the PHP-FPM version information:
Open the PHP-FPM configuration file and find: fastcgi_param server_software nginx/$ nginx_version; change to: fastcgi_param server_software nginx0.0.0; # (this nginx0.0.0 is the displayed content)
Hide PHP version information:
Enable PHP. ini and add: expose_php = OFF.
Hide squid version information:
Use CDN proxy with caution
Squid Reverse Proxy Security Settings
D. Add it to your squid. conf file
Header_access via deny all
Header_access server deny all
Header_access X-Cache deny all
Header_access X-Cache-lookup deny all
After completing the preceding settings, restart Apache/nginx or squi.
Squid3.0 Reverse Proxy Security Settings
Reply_header_access all deny all
1. Lighttpd 1.4.20
Src/response. C: 108 changed:
Buffer_append_string_len (B, const_str_len ("server: Ledu "));
Output header:
HTTP/1.1 404 not found
Content-Type: text/html
Content-Length: 345
Date: Mon, 12 Jan 2009 13:54:02 GMT
Server: Ledu
Hide Server System Version Information