Greetings,

I ask a security question. I want to hide "Linux" OS, and "linux" change the "unknown".

How can i do it? ex. my server seen on Netcraft "Linux".

I just hide os.

My server Redhat, not apache. i use iPlanet web server.

tys

Changing these values does not strengthen the machines security posture.


It only obfuscates things and even then in a way that can be circumvented by:
- passively watching return traffic for values specific to an OS (p0f),
- actively scanning the machine for services one would expect to be filtered out (or not) given a certain OS,
- actively OS-scanning the machine (nmap, nikto, OpenVAS, etc, etc),
- looking at application default locations or source code for clues,
- forcing applications to return an error (page) showing OS details,
- searching the server for applications that only run on a certain OS,
- retrieving archived or other historical data related to the site, domain or webfarm that would indicate they run or don't support certain OSes,
- searching the 'net for a certain server admin who wants to obfuscate things ;-p


Red Hat is a vendor. Red Hat Enterprise Linux is a Linux OS. Apache is a brand of web server as is Oracle iPlanet. Apache has directives in its main configuration file to change what it emits via response headers so maybe iPlanet has an equivalent.