A Few Apache Hardening Basics

By Daniel Miessler on December 7th, 2009: Tagged as Information Security

apache

Here are a few things you should consider doing immediately after installing and configuring Apache. Not to be confused with an Apache hardening guide, this is just a list of three (3) minimums.

Permissions

Here’s a script you can run to harden the permissions on your web root. It will make sure ownership is correct (change as needed), and that all your directories are 755 and files are 644.

[bash]alias perms="find /var/www/localhost/ -print0 | xargs -0 chown apache:root; find /var/www/localhost/htdocs/ -type d -print0 | xargs -0 chmod 755; find /var/www/localhost/htdocs/ -type f -print0 | xargs -0 chmod 644;[/bash]

Directory Listing

Within Ubuntu, you can edit /etc/apache2/sites-available/default and change the Indexes bit to -Indexes.

[bash]Directory /var/www/localhost/htdocs/ Options -Indexes[/bash]

Disable Advertising of Your Apache Version

In later versions of Apache, the ServerTokens option replaces ServerSignature as the means by which you determine how much information Apache gives about itself.

[bash]ServerTokens Prod[/bash]

Then bounce the service:

[bash]/etc/init.d/apache2 restart[/bash]

(thanks to Mike M. for the inspiration to post this.)

Top

Information Security / Technology

Politics

Philosophy & Religion

Technology & Science

Culture & Society

Miscellaneous

A Coffee Primer

Arguments

Projects

Collections

Twitter

Coffee. Scone. Way too much work due soon. Life is wonderful.
"My first wife died of mushroom poisoning. My second wife died of a concussion. She wouldn't eat her mushrooms."
Source2URL: Parse Source Code Directory, Send URLs Through Proxy | http://t.co/Se7cWxNP #websec #infosec
The 5 Why's Method of Discovering Root Causes | Harvard Business Review http://t.co/mGcbdL0L #productivity
A List of Source Code Analyzers | http://t.co/67YbEDJo #nist #appsec
Change your Google Ad settings | http://t.co/EJaZWOfX #weird