I stumbled on some posts about scanning a site and detecting the versions of the services a server runs. Someone pointed out the nmap tool, and I checked it against my own server. The result was not so good: Apache and ProFTPD revealed their versions. So I was determined to change that; I want to expose as little version information as possible. The nmap command (run as root, since -sS and -O need raw sockets) is:
nmap -sS -sV -O www.yourserver.com
Securing and hiding version information, service by service:
- Apache, in the configuration file, usually /etc/httpd/conf/httpd.conf (on Debian/Ubuntu /etc/apache2/apache2.conf or conf-enabled/security.conf):
ServerTokens ProductOnly
ServerSignature Off
ProductOnly (Prod) is the least Apache will send: the Server header still reads "Apache", but without version, OS and module details. ServerSignature Off removes the version footer from error pages and directory listings. Both are server-wide settings, so restart httpd afterwards.
- ProFTPD, in the configuration file, usually /etc/proftpd.conf. The default identification string is
ServerIdent on "ProFTPD [version] Server (server name) [hostname]"
so it is enough to override it in the Global section:
<Global>
ServerIdent on "Generic FTP Server"
</Global>
(ServerIdent off works too and leaves a bare "FTP Server ready" greeting.) You can also change the port if you want, but nmap -sV probes whichever ports are open, so a moved port only hides the service from scans limited to tcp/21.
- OpenSSH, tcp/22: the version string in the protocol greeting (SSH-2.0-OpenSSH_x.y) cannot be changed in sshd_config; the Banner directive only adds a pre-login text message, and removing the version means recompiling. What you should do instead is change the port (Port 2222), disable root login (PermitRootLogin no), use key-based authentication, and so on, remembering that nmap -sV still identifies the service on a moved port.
- Telnet, tcp/23: I prefer to disable Telnet. If not, change /etc/issue.net, which telnetd prints before the login prompt:
mv /etc/issue.net /etc/issue.net-original
echo "Windows Server 2008 (Microsoft)" > /etc/issue.net
This only replaces the text banner; nmap -O fingerprints the TCP/IP stack itself, so the host will still show up as Linux.
- PHP, disable expose_php for security reasons in /etc/php.ini (on Debian/Ubuntu under /etc/php/*/apache2/php.ini). This removes the X-Powered-By: PHP/x.y header and the PHP logo easter-egg URLs:
expose_php = Off
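As an added example (this is not code from the original post), here is a small POSIX shell script that checks for the kind of leak described above in two places: the banner or header a service returns, and the Apache/ProFTPD config files that control it. The sample banners and config lines in it are constructed for illustration; the grab_banner helper assumes an nc with the OpenBSD/GNU -w timeout flag and is not exercised by the offline demo.

```shell
#!/bin/sh
# Added example, not part of the original post: offline checks for the kind
# of version leak the post describes. Sample banners and config files are
# constructed here for illustration; nothing is fetched from a real host.

# True (exit 0) when a banner or header value names a product followed by a
# dotted version, e.g. "ProFTPD 1.3.5", "Apache/2.4.41", "PHP/7.4.3",
# "OpenSSH_8.2p1". A bare product name or a year ("Server 2008") is not a
# leak. The HTTP status line ("HTTP/1.1 200 OK") is stripped first so that
# whole response headers can be piped in line by line.
banner_leaks_version() {
    printf '%s\n' "$1" |
        sed -E 's#HTTP/[0-9]+\.[0-9]+##g' |
        grep -Eq '[A-Za-z][A-Za-z0-9-]*[/_ ][0-9]+(\.[0-9]+)+'
}

# True when an httpd.conf (or an included conf file) sets both directives
# from the post. Directive names and values are matched case-insensitively,
# as Apache does; indentation is tolerated, commented-out lines do not count.
apache_conf_hides_version() {
    grep -Eiq '^[[:space:]]*ServerTokens[[:space:]]+Prod(uctOnly)?[[:space:]]*$' "$1" &&
    grep -Eiq '^[[:space:]]*ServerSignature[[:space:]]+Off[[:space:]]*$' "$1"
}

# True when a proftpd.conf either turns ServerIdent off or sets a custom
# ServerIdent string that does not itself carry a version number.
proftpd_conf_hides_version() {
    if grep -Eiq '^[[:space:]]*ServerIdent[[:space:]]+off[[:space:]]*$' "$1"; then
        return 0
    fi
    ident=$(sed -nE 's/^[[:space:]]*ServerIdent[[:space:]]+on[[:space:]]+"([^"]*)".*/\1/p' "$1" |
        head -n 1)
    [ -n "$ident" ] && ! banner_leaks_version "$ident"
}

# Live banner grab for services that talk first (FTP, SSH). Assumes nc with
# the OpenBSD/GNU -w timeout flag. Not run by the offline demo below.
grab_banner() {
    printf '' | nc -w 3 "$1" "$2" | head -n 1
}

# Demo on constructed banners: the first four leak, the last three do not.
for b in '220 ProFTPD 1.3.5e Server (Debian) [::ffff:203.0.113.5]' \
         'SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5' \
         'Server: Apache/2.4.41 (Ubuntu)' \
         'X-Powered-By: PHP/7.4.3' \
         '220 Generic FTP Server' \
         'Server: Apache' \
         'Windows Server 2008 (Microsoft)'; do
    if banner_leaks_version "$b"; then
        echo "LEAK : $b"
    else
        echo "ok   : $b"
    fi
done

# Demo on constructed config fragments.
tmp=$(mktemp)
printf 'ServerTokens Prod\nServerSignature Off\n' > "$tmp"
apache_conf_hides_version "$tmp" && echo "apache : hardened"
printf '<Global>\n  ServerIdent on "Generic FTP Server"\n</Global>\n' > "$tmp"
proftpd_conf_hides_version "$tmp" && echo "proftpd: hardened"
rm -f "$tmp"
```

Against a live web server the same check reads as `curl -sI http://www.yourserver.com/ | while read -r line; do banner_leaks_version "$line" && echo "LEAK: $line"; done`, and `grab_banner www.yourserver.com 21` feeds the FTP greeting to it. The regex deliberately ignores bare years and product names, so a decoy such as the Telnet banner above passes while the real OpenSSH greeting is reported, matching what nmap -sV would see.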
That’s about it. I believe there is more, so if someone wants to add something, just comment on this post.