Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
For security resons. The less info an attacker has, the harder it is to gain access. Right? Not that I'm a prime target or anything, just curious if it could be done.
The main reason for doing this is to guard against a 0-day exploit that is released to the kiddies. The "Know your enemy" book from the honeynet project postulates that over 60% of all attacks are launched on the back of internet scans, with kiddies continually scanning class A blocks looking for known vulnerable versions of software.
If I have a canned exploit for "Microsoft-IIS 5.0" then I scan port 80 looking for it. Once I amass enough targets then I go exploit them to put Stacheldracht or Trinoo on. Its a status symbol for the kiddies to claim that they 0wn3d 75 IIS servers, or whatever.
Fudging your web header is possible on every web server (iPlanet, Apache, IIS) but the method is different in each case. Be aware if your are using IIS (though if you are why are you posting here?) that whilst URLScan purports to be able to change the web header, doing it breaks multi-part PDF downloads (i.e. PDF's of more than a single page). You are better in that case to hex edit the DLL.
Apache is by far the easiest/best in this respect.
0-day exploits - sometimes security through obscurity is all that you have got. ;>
Originally posted by chrisknight What about changing it in RedHat 9? ...or fedora core1?
Thanks,
Chris
The distro doesn't matter in this situation, its within apache the changes need to be changed like mentioned above.
And also the security thru obscurity, yeah, no point really. Changing your httpd server to make it look like its another OS and webserver isn't gonna do jack for you to tell you the truth.
You should learn real security methods instead of wasting your time with these silly one's. Check out the sticky thread in Security where unspawn has made a list of valuable links to different security sites, information, howto's and such. Very good list of links with plethora of information.
for those who want to know... the answer is stupid simple.
Someone already replied as to how to do it in apache1. I (like most people now) run apache 2.
you must have the headers module or this line in httpd.conf:
LoadModule headers_module modules/mod_headers.so
then in httpd.conf apply this line:
Header set Server "your server name here"
Netcraft will cache entries for a time so the changes wont take affect there right away...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
fake out netcraft.com
