Removing Signatures From Various Packages

Submitted by MaddinXx on Tue, 2013-07-09 18:34. :: Debian | Security

Version 1.0.0
Author: Michel Käser <info [at] rackster [dot] ch>
Last edited 07/07/2013

This tutorial shows you how to remove the Debian signature/version info from packages such as Apache, Postfix or SSH.

There are various reasons to remove the signature (and thereby hide that you are using Debian or a specific version). The most important one is security. When a hacker knows the distro you are using, he can search for well-known security issues and start an attack against them. If he doesn't know the distro in use, the chances that he finds no security holes are much larger.

I do not issue any guarantee that this will work for you!

 

1 Apache2 HTTPd

To remove the distro and version info from Apache2 run the following:

nano /etc/apache2/apache2.conf

and append

ServerTokens Prod
ServerSignature off

at the very end of the file.

 

2 Nginx

To remove the version info from Nginx run the following:

nano /etc/nginx/nginx.conf

and append

server_tokens off;

at the very end of the file.

To remove the server/software name from Nginx you need to compile Nginx from source. You can find a tutorial about that here: http://www.howtoforge.com/building-nginx-from-source-on-debian-squeeze.

Make sure to include the HeadersMore module (http://wiki.nginx.org/HttpHeadersMoreModule) and add it during package configuration, e.g.:

--add-module=/usr/local/src/headers-more-nginx-module-0.21

Later on, you can clear the server header by appending

more_clear_headers 'Server';

to /etc/nginx/nginx.conf.

 

3 PHP

To hide that you are using PHP, run the following:

nano /etc/php5/apache2/php.ini
nano /etc/php5/cgi/php.ini
nano /etc/php5/cli/php.ini
nano /etc/php5/fpm/php.ini

and set

; Decides whether PHP may expose the fact that it is installed on the server
; http://php.net/expose-php
expose_php = Off

in every file.

 

4 Postfix

To remove the distro information from Postfix, run the following:

nano /etc/postfix/main.cf

and replace

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)

with

smtpd_banner = $myhostname ESMTP $mail_name

 

5 SSH

To remove the distro information from the SSH daemon, run the following:

nano /etc/ssh/sshd_config

and append

DebianBanner no

at the very end of the file.
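
To confirm that the changes took effect once the services have been restarted, the banners can be captured and checked. The following is an added example, not part of the original tutorial: a shell function that flags the header and greeting lines the settings above are meant to clean up. The sample banners, version strings and hostname are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit captured banners for the
# distro/version details that the five settings above are meant to remove.
# Feed it one header or greeting line per line on stdin.

audit_banners() {
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | tr -d '\r')    # strip CR from CRLF lines
        case "$line" in
            [Ss]erver:*)            # ServerTokens Prod / server_tokens off
                case "$line" in     # a version number or "(Debian)" remains
                    *[0-9]*|*\(*) echo "http-server: $line" ;;
                esac ;;
            [Xx]-[Pp]owered-[Bb]y:*)    # expose_php = Off drops this header
                echo "php: $line" ;;
            SSH-2.0-*)              # DebianBanner no drops the trailing comment
                case "$line" in
                    *" "*) echo "ssh: $line" ;;
                esac ;;
            220\ *|220-*)           # smtpd_banner without "(Debian/GNU)"
                case "$line" in
                    *\(*\)*) echo "smtp: $line" ;;
                esac ;;
        esac
    done
}

# Constructed sample: banners as they might look before the changes.
sample_before() {
    cat <<'EOF'
Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.4-14
SSH-2.0-OpenSSH_6.0p1 Debian-4
220 mail.example.com ESMTP Postfix (Debian/GNU)
EOF
}

# Constructed sample: the same services after the changes.
sample_after() {
    cat <<'EOF'
Server: Apache
SSH-2.0-OpenSSH_6.0p1
220 mail.example.com ESMTP Postfix
EOF
}

echo "before:"; sample_before | audit_banners
echo "after:";  sample_after | audit_banners
```

The SSH check only looks for the comment after the software version; the OpenSSH version itself is part of the protocol identification string and is still sent with DebianBanner no.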

