Disable Script Execution Using .htaccess
You can disable scripts being run in the directory of your choice by adding the following code to your .htaccess file in that directory
This would be particularly useful if you allow visitors to upload files to your server, but want to be sure that any potentially harmful files they upload are not allowed to execute.
AddHandler cgi-script .php .pl .jsp .asp .sh .cgi
Options -ExecCGI
You can replace the file types in the example with the file types you wish to disallow using .htaccess.
How to disable serversignature using .htaccess
To disable the server’s signature used to identify the server, use the following code in your .htaccess file:
VNC ( Virtual Network Computing )
Installing the required packages
Make sure to install a window manager in order to get a normal GUI desktop.
yum groupinstall “GNOME Desktop Environment”
to install the Gnome Desktop and requirements, for example.
The server package is called ‘vnc-server’. Run the command
VNC is used to display an X windows session running on another computer. Unlike a remote X connection, the xserver is running on the remote computer, not on your local workstation. Your workstation ( Linux or Windows ) is only displaying a copy of the display ( real or virtual ) that is running on the remote machine.
If the server is not installed, install it with the command:
The client program is ‘vnc’. You can use the command
Apache Security: Hide Apache Web Server Version number
Apache Web Server Version number with ServerSignature and ServerTokens directives
Open your httpd.conf file using text editor such as vi:
There are two config directives that controls Apache version. The ServerSignature directive adds a line containing the Apache HTTP Server server version and the ServerName to any server-generated documents, such as error messages sent back to clients. ServerSignature is set to on by default. The ServerTokens directive controls whether Server response header field which is sent back to clients includes a description of the generic OS-type of the server as well as information about compiled-in modules.
Append/modify config directive as follows:
ServerSignature Off
ServerTokens Prod
Save and close the file. Restart Apache web server:
/etc/init.d/httpd restart
Disabling services in RPM distros
There are several services running by default that may be safely disabled. First, we’ll generate a list of services that are enabled at runlevel 3.
chkconfig –list | awk ‘/3:on/ { print $1 }’
We will disable the following services
gpm kudzu netfs anacron atd apmd pcmcia nfslock isdn autofs portmap rhnsd
for SERVICE in gpm kudzu netfs anacron atd apmd pcmcia nfslock isdn autofs portmap rhnsd
do
/sbin/chkconfig $SERVICE off
/sbin/service $SERVICE stop
done
