Chapter 3  Using Apache as a Web Server
3.5 Apache Security
3.5.2 Hiding Sensitive Information
$ telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Date: Mon, 03 Nov 2008 01:37:59 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.3 with Suhosin-Patch
Last-Modified: Mon, 03 Nov 2008 00:46:59 GMT
ETag: "34943-2d-45abe48d446c0"
Accept-Ranges: bytes
Content-Length: 45
Connection: close
Content-Type: text/html

Connection closed by foreign host.
ServerTokens Prod
$ sudo /etc/init.d/apache2 reload
$ telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Date: Mon, 03 Nov 2008 02:08:43 GMT
Server: Apache
Last-Modified: Mon, 03 Nov 2008 00:46:59 GMT
ETag: "34943-2d-45abe48d446c0"
Accept-Ranges: bytes
Content-Length: 45
Connection: close
Content-Type: text/html

Connection closed by foreign host.
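The check performed by hand in the two telnet sessions can be scripted. The following is an added example, not code from the book: it reads response headers and reports which ServerTokens level (Prod, Major, Minor, Min, OS or Full, as defined in Apache's documentation) the Server header corresponds to. The function names infer_level and discloses_details are hypothetical, and the sample headers are copied from the sessions in this section.

```shell
#!/usr/bin/env bash
# Added example: infer the effective ServerTokens level from a Server header.

# Sample inputs: response headers copied from the two telnet sessions above.
HEADERS_BEFORE='HTTP/1.1 200 OK
Date: Mon, 03 Nov 2008 01:37:59 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.3 with Suhosin-Patch
Content-Type: text/html'
HEADERS_AFTER='HTTP/1.1 200 OK
Date: Mon, 03 Nov 2008 02:08:43 GMT
Server: Apache
Content-Type: text/html'

# infer_level (hypothetical name): read response headers on stdin and print
# the ServerTokens level the Server header matches, or "none" if it is absent.
infer_level() {
    # Strip CRs, keep only the value of the first Server header.
    server_value=$(tr -d '\r' | sed -nE 's/^[Ss]erver:[[:space:]]*//p' | head -n 1)
    matches() { printf '%s\n' "$server_value" | grep -Eq "$1"; }
    if   [ -z "$server_value" ];                then echo none
    elif matches '^[^/ ]+$';                    then echo Prod   # Apache
    elif matches '^[^/ ]+/[0-9]+$';             then echo Major  # Apache/2
    elif matches '^[^/ ]+/[0-9]+\.[0-9]+$';     then echo Minor  # Apache/2.2
    elif matches '^[^/ ]+/[0-9.]+$';            then echo Min    # Apache/2.2.8
    elif matches '^[^/ ]+/[0-9.]+ \([^)]*\)$';  then echo OS     # Apache/2.2.8 (Ubuntu)
    else                                             echo Full   # plus module tokens
    fi
}

# discloses_details (hypothetical name): exit 0 when the headers on stdin
# reveal more than the bare product name, so it can gate a deployment check.
discloses_details() {
    case "$(infer_level)" in
        none|Prod) return 1 ;;
        *)         return 0 ;;
    esac
}

# Against a server you run: curl -sI http://localhost/ | infer_level
printf 'before: %s\n' "$(printf '%s\n' "$HEADERS_BEFORE" | infer_level)"
printf 'after:  %s\n' "$(printf '%s\n' "$HEADERS_AFTER" | infer_level)"
```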
3.5.3 Do Not Run Apache as root
$ ps auxf | grep apache
hiweed    5536  0.0  0.2   3004   756 pts/0    S+   21:29   0:00  \_ grep