TurnKey Linux Virtual Appliance Library

Suggested extra security measures for LAMP appliance...

I would like to make a security suggestion to the excellent TurnKey team. I advise the following security settings.

In the httpd.conf file, making the following entry default upon install:


ServerTokens ProductOnly
ServerSignature Off

This will prevent broadcasting to the world what version of Linux and Apache you have. The less we inform the hackers, the better, I guess.

We should hide the PHP version in the X-Powered-By message by changing the php.ini file:

expose_php = Off


I would also suggest the team include the fail2ban app, enabled and working by default, and hardened for the type of environment you made TurnKey LAMP for: securing against SSH, Webmin, phpMyAdmin, webshell and even Apache, as examples.

I also just noticed that Webmin is also advertising that it is 1.590 when I issue HEAD / HTTP/1.0 via telnet. No idea how to turn that off, any help?

I don't see the benefit of advertising version numbers to the public.
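As an added example (not part of the post above or of TurnKey's own tooling), the following POSIX shell script checks a captured HTTP response for the version disclosures the post describes: a Server header that still carries version or OS tokens (ServerTokens ProductOnly leaves just "Apache"), and an X-Powered-By header (removed by expose_php = Off). The sample responses are constructed for demonstration; in practice you would feed it `curl -sI http://yourhost/` or the headers pasted from a telnet HEAD request against your own server.

```shell
#!/bin/sh
# count_leaks: reads HTTP response headers on stdin, prints one finding per
# leaky header to stderr and the number of findings to stdout.
count_leaks() {
  leaks=0
  while IFS= read -r line || [ -n "$line" ]; do
    line=$(printf '%s' "$line" | tr -d '\r')   # strip CRLF line endings
    name=${line%%:*}
    value=${line#*:}
    value=${value# }
    case "$name" in
      [Ss]erver)
        # ServerTokens ProductOnly yields just "Apache": any digit or "(" in
        # the value means a version or OS token is still sent. The same test
        # flags Webmin's "MiniServ/1.590" banner mentioned in the post.
        case "$value" in
          *[0-9]*|*\(*) echo "LEAK: $line" >&2; leaks=$((leaks + 1)) ;;
        esac ;;
      [Xx]-[Pp]owered-[Bb]y)
        # expose_php = Off removes this header entirely
        echo "LEAK: $line" >&2; leaks=$((leaks + 1)) ;;
    esac
  done
  echo "$leaks"
}

# Constructed sample responses (not real captures from any server).
BEFORE_HARDENING='HTTP/1.1 200 OK
Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.4-14
Content-Type: text/html'

AFTER_HARDENING='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'

# Wrappers so each sample can be checked by name.
leaks_before() { printf '%s\n' "$BEFORE_HARDENING" | count_leaks; }
leaks_after()  { printf '%s\n' "$AFTER_HARDENING"  | count_leaks; }

echo "before hardening: $(leaks_before) leak(s)"
echo "after hardening:  $(leaks_after) leak(s)"
```

A count of 0 after the httpd.conf and php.ini changes confirms they took effect; any remaining finding names the header that still needs attention.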
