Apache Security: Hide Apache Web Server Version number
Apache Web Server Version number with ServerSignature and ServerTokens directives
Open your httpd.conf file using a text editor such as vi:
There are two config directives that control how much version information Apache discloses. The ServerSignature directive adds a line containing the Apache HTTP Server version and the ServerName to any server-generated documents, such as error messages sent back to clients. ServerSignature is set to on by default. The ServerTokens directive controls whether the Server response header field that is sent back to clients includes a description of the generic OS type of the server as well as information about compiled-in modules.
Append or modify the config directives as follows:
ServerSignature Off
ServerTokens Prod
Save and close the file. Restart Apache web server:
/etc/init.d/httpd restart
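To confirm the change, the following added example (not part of the original page) checks a config file for the two directives and classifies a Server header value. The function names and sample values are constructed for illustration, and the script assumes a single config file with no Include or VirtualHost overrides.

```shell
#!/bin/sh
# Added example (not from the original page): audit the two directives above.

# Print the effective value (lower-cased) of a directive in one config file.
# Directive names are case-insensitive, comment lines are skipped and the last
# occurrence wins. Assumption: Include files and <VirtualHost> overrides are
# not followed. An absent directive prints "unset".
effective_directive() {   # usage: effective_directive NAME FILE
    awk -v want="$1" '
        BEGIN { want = tolower(want); val = "unset" }
        /^[ \t]*#/ { next }
        tolower($1) == want && NF >= 2 { val = tolower($2) }
        END { print val }
    ' "$2"
}

# Succeed only when the file explicitly sets ServerSignature Off and
# ServerTokens Prod (ProductOnly is the long spelling of the same value).
conf_hides_version() {    # usage: conf_hides_version FILE
    sig=$(effective_directive ServerSignature "$1")
    tok=$(effective_directive ServerTokens "$1")
    [ "$sig" = "off" ] || return 1
    [ "$tok" = "prod" ] || [ "$tok" = "productonly" ]
}

# Succeed when a Server header value discloses more than the product name:
# a version after "/", an OS tag in parentheses, or extra module tokens.
server_header_leaks() {   # usage: server_header_leaks "VALUE"
    case "$1" in
        */[0-9]*|*"("*|*" "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample input, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# ServerTokens Prod
ServerTokens OS
serversignature off
ServerTokens Prod
EOF
if conf_hides_version "$sample"; then echo "config: version hidden"; fi
if server_header_leaks "Apache/2.2.3 (CentOS)"; then echo "header: leaks"; fi
rm -f "$sample"
```

An unset directive is treated as not hardened, so the result does not depend on the defaults of a particular build.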
Disabling services in RPM distros
There are several services running by default that may be safely disabled. First, we’ll generate a list of services that are enabled at runlevel 3.
chkconfig --list | awk '/3:on/ { print $1 }'
We will disable the following services:
gpm kudzu netfs anacron atd apmd pcmcia nfslock isdn autofs portmap rhnsd
for SERVICE in gpm kudzu netfs anacron atd apmd pcmcia nfslock isdn autofs portmap rhnsd
do
    /sbin/chkconfig "$SERVICE" off
    /sbin/service "$SERVICE" stop
done
The su Command
Upon typing the su command, the user is prompted for the root password and, after authentication, given a root shell prompt.
Once logged in via the su command, the user is the root user and has absolute administrative access to the system. In addition, once a user has attained root, it is possible in some cases for them to use the su command to change to any other user on the system without being prompted for a password.
Because this program is so powerful, administrators within an organization may wish to limit who has access to the command.
One of the simplest ways to do this is to add users to the special administrative group called wheel. To do this, type the following command as root:
In the previous command, replace with the username being added to the wheel group.
Next, open the PAM configuration file for su, /etc/pam.d/su, in a text editor and remove the comment character (#) from the following line:
auth required /lib/security/pam_wheel.so use_uid
Doing this will permit only members of the administrative group wheel to use the program.
The root user is part of the wheel group by default.
Changing the SSH Port Number
To change the SSH port number, log in as root and edit /etc/ssh/sshd_config.
Find the line that says Port 22, change 22 to any number between 1024 and 65535 (above 30000 is best), and save the file.
Once done, run:
Now start a new SSH session (don’t close your existing one), to make sure that you can get in.
-p port
Port to connect to on the remote host. This can be specified on a per-host basis in the configuration file.
MySQL - reset a lost MySQL root password
The MySQL root password allows full access to the MySQL database and allows for all actions to be undertaken including creating new users, new databases, setting access rules and so on.
The first thing to do is stop MySQL.
sudo /etc/init.d/mysql stop
Next we need to start MySQL in safe mode - that is to say, we will start MySQL but skip the user privileges table, so no password is checked while it runs this way.
sudo mysqld_safe --skip-grant-tables &
*The ampersand (&) at the end of the command is required.
Login
Next, instruct MySQL which database to use:
Reset password
Enter the new password for the root user as follows:
update user set password=PASSWORD("mynewpassword") where User='root';
Finally, flush the privileges and then stop and start MySQL.