Quote:
Originally Posted by hebeles
I ask a security question.
|
Changing these values does not
strengthen the machines security posture.
Quote:
Originally Posted by hebeles
I want to hide "Linux" OS, and "linux" change the "unknown". (..) ex. my server seen on Netcraft "Linux".
|
It only obfuscates things and even then in a way that can be circumvented by:
- passively watching return traffic for values specific to an OS (p0f),
- actively scanning the machine for services one would expect to be filtered out (or not) given a certain OS,
- actively OS-scanning the machine (nmap, nikto, OpenVAS, etc, etc),
- looking at application default locations or source code for clues,
- forcing applications to return an error (page) showing OS details,
- searching the server for applications that only run on a certain OS,
- retrieving archived or other historical data related to the site, domain or webfarm that would indicate they run or don't support certain OSes,
- searching the 'net for a certain server admin who wants to obfuscate things ;-p
Quote:
Originally Posted by hebeles
My server Redhat, not apache. i use iPlanet web server.
|
Red Hat is a vendor. Red Hat Enterprise Linux is a Linux OS. Apache is a brand of web server as is Oracle iPlanet. Apache has directives in its main configuration file to change what it emits via response headers so maybe iPlanet has an equivalent.