Thursday 29 November 2012

Apache Web Server Hardening

Turn off the version give-away:

Edit the main Apache config file (if you're running RHEL/CentOS/Fedora, you know what to do and probably won't be reading this blog post):
sudo nano /etc/apache2/apache2.conf
Add or edit the lines:
ServerSignature Off
ServerTokens Prod
Restart Apache:
sudo service apache2 restart

Disable SSL2:

sudo nano /etc/apache2/apache2.conf
Add the following line or edit it if it exists (-ALL clears the protocol list, then only SSLv3 and TLSv1 are added back, so SSLv2 is never offered):
SSLProtocol -ALL +SSLv3 +TLSv1
Restart Apache:
sudo service apache2 restart
From another box, test that sh!t (the handshake should fail now that SSLv2 is off):
openssl s_client -ssl2 -connect SERVERNAME:443
If you haven't got openssl installed on your box, jump off a bridge! No, no, I'm kiddin'... right?

Disable the kiddy ciphers (weak):

sudo nano /etc/apache2/apache2.conf
Add the following line or edit it if it exists:
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
Restart Apache:
sudo service apache2 restart
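The three steps above all come down to "set a directive, restart, verify". The script below is an added example (not from the original post, and not an Apache project tool) that audits an apache2.conf for the ServerSignature, ServerTokens, SSLProtocol and SSLCipherSuite settings described here, so you can check a config before restarting rather than discovering a typo afterwards. It writes a small constructed sample config to a path of your choosing so it runs offline; the function names, the sample file and the probe_sslv2 helper are my own and are not part of Apache or openssl.

```shell
#!/bin/sh
# Added example: audit an Apache config for the hardening directives discussed
# in the post, then (optionally) probe a live host the way the post does.

# Write a constructed sample config (the same four directives the post sets).
make_sample_config() {
  # $1 = output path
  cat > "$1" <<'EOF'
# constructed sample apache2.conf (hypothetical)
ServerSignature Off
ServerTokens Prod
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
EOF
}

# Print the effective value of a directive. Apache takes the last occurrence,
# and lines starting with '#' never match because the pattern anchors on the
# directive name at the start of the line.
directive_value() {
  # $1 = config file, $2 = directive name
  grep -i "^[[:space:]]*$2[[:space:]]" "$1" | tail -n 1 \
    | awk '{ $1 = ""; sub(/^ /, ""); print }'
}

# Check the four directives; print PASS/FAIL per item, return 0 only if all pass.
audit_apache_config() {
  cfg="$1"
  rc=0
  sig=$(directive_value "$cfg" ServerSignature)
  tok=$(directive_value "$cfg" ServerTokens)
  proto=$(directive_value "$cfg" SSLProtocol)
  ciphers=$(directive_value "$cfg" SSLCipherSuite)

  case "$sig" in
    [Oo]ff) echo "PASS ServerSignature Off" ;;
    *) echo "FAIL ServerSignature is '${sig:-unset}' (want Off)"; rc=1 ;;
  esac
  case "$tok" in
    [Pp]rod*) echo "PASS ServerTokens Prod" ;;
    *) echo "FAIL ServerTokens is '${tok:-unset}' (want Prod)"; rc=1 ;;
  esac
  # SSLv2 is off when the list starts from -ALL and never adds +SSLv2 back.
  case "$proto" in
    -[Aa][Ll][Ll]*)
      case "$proto" in
        *+SSLv2*) echo "FAIL SSLProtocol re-enables SSLv2"; rc=1 ;;
        *) echo "PASS SSLv2 disabled" ;;
      esac ;;
    *) echo "FAIL SSLProtocol '${proto:-unset}' does not start from -ALL"; rc=1 ;;
  esac
  # Each weak cipher class from the post must be excluded explicitly.
  for bad in aNULL ADH eNULL LOW EXP; do
    case "$ciphers" in
      *"!$bad"*) ;;
      *) echo "FAIL SSLCipherSuite does not exclude $bad"; rc=1 ;;
    esac
  done
  return $rc
}

# Live check from another box (not run offline): returns 0 if the server
# refuses an SSLv2 handshake. Recent openssl builds no longer accept -ssl2 at
# all; that also makes the command fail, which is the outcome you want.
probe_sslv2() {
  # $1 = hostname
  if echo | openssl s_client -ssl2 -connect "$1:443" >/dev/null 2>&1; then
    return 1
  else
    return 0
  fi
}

# Usage: make_sample_config /tmp/apache2.conf && audit_apache_config /tmp/apache2.conf
```

Run it against the real /etc/apache2/apache2.conf to confirm the directives took before you restart. The audit deliberately checks only what the post sets; the SSLv3 that the post's SSLProtocol line keeps enabled has since been broken (POODLE, 2014), so a current deployment would start from -ALL and add back only TLS versions.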