Hvu
02-24-2005, 01:45 AM
This guide is to secure Apache, and Bind. Showing your version numbers could lead to an attack as bots troll the internet looking for servers with old or certain version numbers they can unleash their attack on.
Apache
1. Open your httpd configuration file.
You can use vi or pico or nano. I use pico for my editing needs.
*Blue represents which editor you use.
pico /etc/httpd/conf/httpd.conf
2. Search for "ServerSignature"
Search for "ServerSignature" in your configuration file.
Now change "on" to "off"
Right below that add a line that has the following:
" ServerTokens Prod"
Save the config file and restart apache
/etc/rc.d/init.d/httpd restart
Bind
1. Open your exim configuration files.
pico /etc/named.conf
2. Search for "query-source address * port 53;"
If before this line it is commented out, then remove the comment.
Right under it add "version "Named";" without " ".
Save then restart named
service named restart
Apache
1. Open your httpd configuration file.
You can use vi or pico or nano. I use pico for my editing needs.
*Blue represents which editor you use.
pico /etc/httpd/conf/httpd.conf
2. Search for "ServerSignature"
Search for "ServerSignature" in your configuration file.
Now change "on" to "off"
Right below that add a line that has the following:
" ServerTokens Prod"
Save the config file and restart apache
/etc/rc.d/init.d/httpd restart
Bind
1. Open your exim configuration files.
pico /etc/named.conf
2. Search for "query-source address * port 53;"
If before this line it is commented out, then remove the comment.
Right under it add "version "Named";" without " ".
Save then restart named
service named restart