Apache Security: Hide Apache Web Server Version number
Apache Web Server Version number with ServerSignature and ServerTokens directives
Open your httpd.conf file using a text editor such as vi:
Two config directives control how much version information Apache discloses. The ServerSignature directive adds a line containing the Apache HTTP Server version and the ServerName to any server-generated documents, such as error messages sent back to clients. ServerSignature is set to On by default. The ServerTokens directive controls whether the Server response header field sent back to clients includes a description of the generic OS type of the server as well as information about compiled-in modules.
Append or modify the config directives as follows:
ServerSignature Off
ServerTokens Prod
Save and close the file. Restart Apache web server:
/etc/init.d/httpd restart
TCP and UDP Ports for Cpanel Server Firewall
Incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,2242"
Outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703"
Incoming UDP ports
Outgoing UDP ports
UDP_OUT = "20,21,53,113,123,873,6277"
Security Checks During Server Compromise
We can use some techniques and tools to investigate our servers if we suspect they've been compromised.
A server can be compromised as a result of various factors: weak passwords, weak iptables rules, older versions of software with known exploits, and more.
The command below helps you check for any "backdoors" which have been opened on your server.
# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 117.214.112.13:53 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.1:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.1:3128 192.168.1.2:53704 ESTABLISHED
tcp 0 0 192.168.1.1:3128 192.168.1.2:53705 ESTABLISHED
tcp 0 0 192.168.1.1:22 192.168.1.2:33097 ESTABLISHED
tcp 0 0 192.168.1.1:3128 192.168.1.2:53703 ESTABLISHED
tcp 0 0 192.168.1.1:3128 192.168.1.2:53702 ESTABLISHED
tcp 0 0 192.168.1.1:3128 192.168.1.2:35523 ESTABLISHED
tcp6 0 0 :::53 :::* LISTEN
tcp6 0 0 ::1:953 :::* LISTEN
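As an added example (not part of the original post), the shell function below reduces Linux netstat -an output to the TCP listeners whose port is not on an allowlist you pass in, and marks each one as loopback-only or exposed. The function names, the 22,53 allowlist and the embedded sample rows (a subset of the output above) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the Linux net-tools
# "netstat -an" column layout: Proto Recv-Q Send-Q Local Foreign State.

# unexpected_listeners ALLOWLIST
#   Reads netstat -an output on stdin and prints one line per TCP LISTEN
#   socket whose port is not in the comma-separated ALLOWLIST:
#     <scope> <proto> <local address>   (scope is loopback or exposed)
unexpected_listeners() {
    awk -v allow="$1" '
    BEGIN {
        gsub(/[ \t]/, "", allow)            # tolerate "22, 53"
        n = split(allow, a, ",")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        port = $4
        sub(/.*:/, "", port)                # keep text after the last colon
        if (port in ok) next
        host = substr($4, 1, length($4) - length(port) - 1)
        scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "exposed"
        print scope, $1, $4
    }'
}

# Sample input: a subset of the netstat output shown above.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.1:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.1:3128 192.168.1.2:53704 ESTABLISHED
tcp6 0 0 :::53 :::* LISTEN
tcp6 0 0 ::1:953 :::* LISTEN
EOF
}

# Only SSH and DNS are expected here (constructed allowlist).
sample_netstat | unexpected_listeners "22,53"
```

On a live host, pipe netstat -an into unexpected_listeners with the ports the server is supposed to offer, and then look up the owning process of every line it prints.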
Sniff for any connections to a particular port using tcpdump
# tcpdump -v src port 3128
07:58:07.756470 IP (tos 0x0, ttl 64, id 20876, offset 0, flags [DF], proto TCP (6), length 52) laptop.ss.com.3128 > dell.local.36737: ., cksum 0x130f (correct), ack 3466497798 win 482
^C
1 packets captured
1 packets received by filter
0 packets dropped by kernel
This will capture all the packets with destination port 3128.
To list all the open IP sockets associated with your SSH server run the following command:
# lsof -i:22
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 2701 root 3u IPv4 7109 TCP laptop.ss.com:ssh (LISTEN)
sshd 3891 root 3r IPv4 12124 TCP laptop.ss.com:ssh->dell.local:33097 (ESTABLISHED)
lsof can also be used to display all the running processes of a particular user.
More examples can be found in the man page for lsof.
OpenLDAP server daemon slapd Installation in Ubuntu
First, install the OpenLDAP server daemon slapd and ldap-utils, a package containing LDAP management utilities:
sudo apt-get install slapd ldap-utils
By default slapd is configured with minimal options needed to run the slapd daemon.
The configuration example in the following sections will match the domain name of the server. For example, if the machine’s Fully Qualified Domain Name (FQDN) is ldap.example.com, the default suffix will be dc=example,dc=com.
Populating LDAP
OpenLDAP uses a separate directory which contains the cn=config Directory Information Tree (DIT). The cn=config DIT is used to dynamically configure the slapd daemon, allowing the modification of schema definitions, indexes, ACLs, etc., without stopping the service.
Checking your outgoing mail server (Is Port 25 blocked?)
Many email clients and services use port 25 for SMTP to send out emails. However, an ISP (Internet Service Provider) may block port 25 in order to prevent spamming by its customers. Here is how you can check whether port 25 is blocked on your network.
1. Type the following command:
telnet serverbuddies.com 25
2. View Results:
If port 25 is not blocked you will get a successful 220 response (text may vary).
telnet serverbuddies.com 25
Trying 67.228.43.85...
Connected to serverbuddies.com.
Escape character is '^]'.
220-box.serverbuddies.com ESMTP Exim 4.69 #1 Mon, 07 Jun 2010 02:23:15 -0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
If port 25 is blocked you will get a connection error or no response at all.
Trying 67.228.43.85...
telnet: connect to address 67.228.43.85: Connection refused
telnet: Unable to connect to remote host