Re: Application & Iplanet/Apache web server vulnerability and penetration testing

From: Scott Nursten (scottn@s2s.ltd.uk)
Date: Tue Sep 17 2002 - 05:49:01 EDT


Hi Steven,

On 9/16/02 6:05 PM, "Steven Walker" <swalker7799@yahoo.com> wrote:

> 2. I don't know what to do on the web servers other than delete example
> scripts and ensure default passwords are changed to stronger ones. Are
> there any links that you know of that would provide a checklist of iPlanet
> and Apache vulnerability checks. Are there any recommended tools that can
> automate this process? Any suggestions on iPlanet and Apache security?

Firstly, get rid of any unnecessary modules that are loaded by Apache. Don't
forget to get rid of signatures etc ... For Apache use:

ServerSignature Off
ServerTokens Prod

I'm not sure if iPlanet can do anything like that. :) Anyway, furthermore, I
like to drop logs for worms so that log analysis on the webservers shows you
some decent realistic information, so using Request_URI like so will drop
the logs...

SetEnvIf Request_URI "cmd\.exe" ignore=1
CustomLog logs/s2s-access.log combined env=!ignore

Of course, the necessary htaccess to restricted information, proper logging
(perhaps with logchecker checking the accesses on restricted directories
etc). AFAIK that's all you really can do to harden Apache. Besides that,
there are a few security modules etc and make sure things like mod_speling
are disabled and that should be it.

Kind Regards,

-- 
Scott Nursten
--------------------------
S2S Consultants
T: 01444 232 742
F: 01444 232 061
W: http://s2s.ltd.uk
E: scottn@s2s.ltd.uk
--------------------------
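
Added example, not part of the message above and not Apache project code: a small Python check that reads httpd.conf text and reports on the settings the reply names (ServerSignature, ServerTokens, mod_speling), plus any request class that an env=! filter leaves out of every log. The sample config is constructed; the LoadModule line and the stated defaults (ServerSignature Off, ServerTokens Full when the directive is absent) are assumptions, not taken from the message.

```python
import re

# Constructed sample: the directives quoted in the message plus an
# assumed LoadModule line so the mod_speling check has something to find.
SAMPLE_CONF = r'''
ServerSignature Off
ServerTokens Prod
LoadModule speling_module modules/mod_speling.so
SetEnvIf Request_URI "cmd\.exe" ignore=1
CustomLog logs/s2s-access.log combined env=!ignore
'''

def directives(conf_text):
    """Yield (lowercased directive name, [args]) per directive line."""
    for line in conf_text.splitlines():
        line = line.strip()
        # Skip blanks, comments and <Section> open/close lines.
        if not line or line[0] in "#<":
            continue
        parts = re.findall(r'"[^"]*"|\S+', line)
        yield parts[0].lower(), [p.strip('"') for p in parts[1:]]

def audit(conf_text):
    """Return a list of findings for the hardening points in the message."""
    findings = []
    # Assumed defaults when the directive is absent from the config.
    seen = {"serversignature": "off", "servertokens": "full"}
    excluded, captured = set(), set()
    for name, args in directives(conf_text):
        if name in seen and args:
            seen[name] = args[0].lower()
        elif name == "loadmodule" and args and args[0] == "speling_module":
            findings.append("mod_speling is loaded")
        elif name == "customlog":
            for arg in args:
                if arg.startswith("env=!"):
                    excluded.add(arg[5:])   # log skips requests with this var
                elif arg.startswith("env="):
                    captured.add(arg[4:])   # log keeps only requests with it
    if seen["serversignature"] != "off":
        findings.append("ServerSignature is not Off")
    if seen["servertokens"] not in ("prod", "productonly"):
        findings.append("ServerTokens is not Prod")
    # Filtered requests with no companion log leave no record at all.
    for var in sorted(excluded - captured):
        findings.append(f"requests tagged {var} are not written to any log")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)) or "no findings")
```

The last finding covers the log filter in the reply: requests matching cmd\.exe are removed from the access log, so a second CustomLog with env=ignore is what keeps a record of them for later review.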