Answer for KodeKloud Question - Web Server Security

 During a recent security audit, the application security team of xFusionCorp Industries found security issues with the Apache web server on Nautilus App Server 1 server in Stratos DC. They have listed several security issues that need to be fixed on this server. Please apply the security settings below:

a. On Nautilus App Server 1 it was identified that the Apache web server is exposing the version number. Ensure this server has the appropriate settings to hide the version number of the Apache web server.

b. There is a website hosted under /var/www/html/media on App Server 1. It was detected that the directory /media lists all of its contents while browsing the URL. Disable the directory browser listing in Apache config.

c. Also make sure to restart the Apache service after making the changes.

Sample Answer:

# log in to the app server (use the user and server given in your question)

    ssh <user>@<app_server>

# switch to root user

    sudo su 

# start and check status of the apache service 

     systemctl start httpd

     systemctl status httpd

# before doing the task, verify from the jump host (you can open another terminal and check)

    curl -I http://<app_server_ip>:8080

* The response headers will show the Apache version.

#navigate to httpd conf directory and edit httpd.conf file as below 

    cd /etc/httpd/conf/

    vi httpd.conf

# add the lines below at the end

     ServerTokens Prod

     ServerSignature Off

# now go to the <Directory "/var/www/html"> section and change it as below

    <Directory "/var/www/html/<dir from your question>/">
        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

# save conf file 

# restart the httpd 

     systemctl restart httpd
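
To confirm the three settings without relying on a single curl check, the script below audits a config file statically. It is an added example, not part of the original answer; the function names `audit_httpd_conf` and `write_samples` and both sample configs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: static audit of an httpd.conf for the settings changed above.

# audit_httpd_conf FILE: prints one line per finding; exit status = number of findings.
audit_httpd_conf() {
    awk '
        { key = tolower($1) }
        key ~ /^#/               { next }                   # skip comment lines
        key == "servertokens"    { tokens = tolower($2) }
        key == "serversignature" { sig = tolower($2) }
        key == "<directory"      { dir = $2; gsub(/[">]/, "", dir) }
        key == "</directory>"    { dir = "" }
        dir != "" && key == "options" {
            # "Indexes" or "+Indexes" turns listings on; "-Indexes" turns them off
            for (i = 2; i <= NF; i++) {
                opt = tolower($i)
                if (opt == "indexes" || opt == "+indexes") {
                    print "directory listing enabled for " dir; n++
                }
            }
        }
        END {
            # Apache defaults: ServerTokens Full (unset is a finding), ServerSignature Off
            if (tokens != "prod" && tokens != "productonly") {
                print "ServerTokens is not Prod: Server header exposes version details"; n++
            }
            if (sig == "on" || sig == "email") {
                print "ServerSignature is enabled: error pages carry a server signature"; n++
            }
            exit n + 0
        }' "$1"
}

# write_samples DIR: constructed sample configs (not taken from a real server).
write_samples() {
    printf '%s\n' 'ServerTokens OS' 'ServerSignature On' \
        '<Directory "/var/www/html/media">' '    Options Indexes FollowSymLinks' \
        '    AllowOverride None' '    Require all granted' '</Directory>' > "$1/weak.conf"
    printf '%s\n' 'ServerTokens Prod' 'ServerSignature Off' \
        '<Directory "/var/www/html/media">' '    Options -Indexes +FollowSymLinks' \
        '    AllowOverride None' '    Require all granted' '</Directory>' > "$1/hardened.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for name in weak hardened; do
    echo "== $name.conf"
    audit_httpd_conf "$tmp/$name.conf" && echo "no findings" || echo "findings: $?"
done
rm -rf "$tmp"
```

On the server itself, point the function at `/etc/httpd/conf/httpd.conf`; an exit status of 0 means all three settings are in place.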


*Please comment on this post if you are facing any issues in the steps, also provide your feedback in the comments :)

Note: **The question is copied here for learning purposes.** The commands are correct, but the server, user name, and other details may differ depending on your question, so please check them.
