Here are a few things you should consider doing immediately after installing and configuring Apache. Not to be confused with an Apache hardening guide, this is just a list of three (3) minimums.
Here’s a script you can run to harden the permissions on your web root. It will make sure ownership is correct (change as needed), and that all your directories are 755 and files are 644.
[bash]alias perms="find /var/www/localhost/ -print0 | xargs -0 chown apache:root; find /var/www/localhost/htdocs/ -type d -print0 | xargs -0 chmod 755; find /var/www/localhost/htdocs/ -type f -print0 | xargs -0 chmod 644"[/bash]
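To see what the alias would change before running it, a read-only check helps. The function below is an added example, not part of the original post; `audit_webroot`, its arguments and its output labels are names chosen here, and the defaults mirror the path and owner used above.

```bash
# Read-only audit against the baseline from the post: directories 755,
# regular files 644, everything owned by apache:root. Nothing is changed.
# audit_webroot and its arguments are names made up for this example.
# Usage: audit_webroot /var/www/localhost/htdocs apache root
# Prints "<finding><TAB><path>" per deviation; returns 0 if clean, 1 if not.
audit_webroot() {
    aw_root=${1:-/var/www/localhost/htdocs}
    aw_owner=${2:-apache}   # user name or numeric uid
    aw_group=${3:-root}     # group name or numeric gid

    if [ ! -d "$aw_root" ]; then
        echo "audit_webroot: $aw_root is not a directory" >&2
        return 2
    fi

    aw_findings=$(
        # Directories whose mode is not exactly 755.
        find "$aw_root" -type d ! -perm 755 \
            -exec printf 'dir-mode\t%s\n' {} +
        # Regular files whose mode is not exactly 644.
        find "$aw_root" -type f ! -perm 644 \
            -exec printf 'file-mode\t%s\n' {} +
        # Anything writable by "other": the case that matters most when
        # another local account can drop files into the web root.
        find "$aw_root" ! -type l -perm -002 \
            -exec printf 'world-writable\t%s\n' {} +
        # Entries not owned by the expected user and group.
        find "$aw_root" \( ! -user "$aw_owner" -o ! -group "$aw_group" \) \
            -exec printf 'owner\t%s\n' {} +
    )

    [ -z "$aw_findings" ] && return 0
    printf '%s\n' "$aw_findings"
    return 1
}
```

A path containing a newline will span two output lines here; the alias itself is unaffected because it uses -print0 with xargs -0.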
Within Ubuntu, you can edit /etc/apache2/sites-available/default and change the Indexes bit to -Indexes:
[bash]<Directory /var/www/localhost/htdocs/>
    Options -Indexes
</Directory>[/bash]
Disable Advertising of Your Apache Version
In later versions of Apache, the ServerTokens option replaces ServerSignature as the means by which you determine how much information Apache gives about itself.
Then bounce the service:
(thanks to Mike M. for the inspiration to post this.)