Difference between revisions of "Security"
| Line 7: | Line 7: | ||
* Turn ''ServerSignature'' to ''Off''. | * Turn ''ServerSignature'' to ''Off''. | ||
* Restart Apache web server. | * Restart Apache web server. | ||
=== Portmapper === | |||
The port mapper (rpc.portmap or just portmap, or rpcbind) is an Open Network Computing Remote Procedure Call (ONC RPC) service that runs on network nodes that provide other ONC RPC services. If you need to run this service, that is perfectly acceptable. However, if this is a mis-configuration, it would be a good idea to stop it. | |||
https://www.shadowserver.org/wiki/pmwiki.php/Services/Open-Portmapper | |||
rpcinfo -T udp -p | |||
program vers proto port service | |||
100000 4 tcp 111 portmapper | |||
100000 3 tcp 111 portmapper | |||
100000 2 tcp 111 portmapper | |||
100000 4 udp 111 portmapper | |||
100000 3 udp 111 portmapper | |||
100000 2 udp 111 portmapper | |||
100024 1 udp 37209 status | |||
100024 1 tcp 45698 status | |||
1) find the executable files which contains portmapper | |||
2) try to uninstall & delete it and make sure we don't uninstall any important programme on the server which is actually used. | |||
1) FIND | |||
find in the changelog whether somebody installed or changed the portmapper | |||
grep -i portmapper Changelog | |||
If you do changes on the server use Changelog : changelog edit file | |||
less Changelog | |||
nano /root/Changelog | |||
which portmapper | |||
where is the executable ? | |||
locate | |||
simply find a file | |||
find out in which package the portmapper is active | |||
apt-cache search portmapper | |||
remotetea - Sun ONC/RPC support for Java | |||
dpkg -l|grep remotetea | |||
gives list of installed packages, and | |||
it is not installed | |||
show the description of a package | |||
apt-cache show rpcbind | |||
=== iptables === | === iptables === | ||
Revision as of 19:50, 29 June 2016
Bogus http requests
Hackers can send bogus http requests to get the server to generate error pages because the information about the server OS and web server version can be useful to them. The information given out by the server seems not sufficiently reduced. Its not a good idea to broadcast the versions of software your running. While it doesn't make your server any more secure, it may make you less of a target. See http://helpinlinux.com/apache-server-tokens/
- Open up /etc/apache2/conf.d/security
- Set ServerTokens OS to Prod.
- Turn ServerSignature to Off.
- Restart Apache web server.
Portmapper
The port mapper (rpc.portmap or just portmap, or rpcbind) is an Open Network Computing Remote Procedure Call (ONC RPC) service that runs on network nodes that provide other ONC RPC services. If you need to run this service, that is perfectly acceptable. However, if this is a mis-configuration, it would be a good idea to stop it.
https://www.shadowserver.org/wiki/pmwiki.php/Services/Open-Portmapper
rpcinfo -T udp -p
program vers proto port service 100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 37209 status 100024 1 tcp 45698 status
1) find the executable files which contains portmapper 2) try to uninstall & delete it and make sure we don't uninstall any important programme on the server which is actually used.
1) FIND
find in the changelog whether somebody installed or changed the portmapper grep -i portmapper Changelog
If you do changes on the server use Changelog : changelog edit file less Changelog nano /root/Changelog
which portmapper where is the executable ?
locate simply find a file
find out in which package the portmapper is active apt-cache search portmapper remotetea - Sun ONC/RPC support for Java
dpkg -l|grep remotetea gives list of installed packages, and it is not installed
show the description of a package apt-cache show rpcbind
