Friday, February 12, 2010

Networking with Linux : Securing Apache

Let's talk about the security of the Apache web server a bit. One standard approach is to use SSL, but there are plenty of tutorials available for that. So I will discuss hardening Apache by changing settings in the relevant configuration files.
When I say configuration file I mean /etc/apache2/httpd.conf in Fedora and similar distros or /etc/apache2/apache2.conf in Ubuntu and similar distros.

One of the major issues you might face is that your server sends critical information about your OS and its version to the client. Hackers can use known vulnerabilities of that OS to play with your server. So first of all, let's turn off the signature of your server. Open /etc/apache2/conf.d/security. Change ServerTokens Full or ServerTokens OS to ServerTokens Prod. Next, switch off your ServerSignature by setting ServerSignature Off.

Now let us try to ban a misbehaving IP. Go to /etc/apache2/sites-enabled/ and open the default configuration file. Locate the following lines:

      Options Indexes FollowSymLinks MultiViews
      AllowOverride None
      Order allow,deny
      allow from all

Now all you have to do is insert the following line after allow from all to ban a particular IP:
      deny from xxx.xxx.xxx.xxx
Insert the IP in place of the x's. You can also ban a whole range of IP addresses by using a netmask.
Example:
      deny from xxx.xxx.xxx.xxx/24
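The ban above works because of the Order allow,deny line, not because of where the deny line sits in the block. The following is an added example, not part of the original post: a small Python model of how Order combines the allow and deny lists. The function names are hypothetical, the addresses are constructed from documentation ranges, and the model handles only all, single IPs and CIDR ranges.

```python
import ipaddress

def matches(client, specs):
    """True if client matches any spec: 'all', a single IP, or a CIDR range."""
    addr = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        # strict=False accepts host bits in the spec, e.g. 203.0.113.7/24
        if addr in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def is_allowed(client, order, allow, deny):
    """Model of how Order combines 'allow from' and 'deny from' lists."""
    allowed = matches(client, allow)
    denied = matches(client, deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Allow is checked first, Deny last: a deny match wins,
        # and a client matching neither list is denied.
        return allowed and not denied
    if order == "deny,allow":
        # Deny is checked first, Allow last: an allow match wins,
        # and a client matching neither list is allowed.
        return allowed or not denied
    raise ValueError("unknown Order value: " + order)

# Constructed sample mirroring the block above: allow from all + one banned /24.
ALLOW = ["all"]
DENY = ["203.0.113.0/24"]

if __name__ == "__main__":
    for order in ("allow,deny", "deny,allow"):
        for client in ("198.51.100.7", "203.0.113.50"):
            ok = is_allowed(client, order, ALLOW, DENY)
            verdict = "allowed" if ok else "denied"
            print(f"Order {order:10}  {client:14} -> {verdict}")
```

Under Order deny,allow the same deny line has no effect while allow from all is present, so check the Order line before relying on a ban.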


Now let's check how secure your server is. We are going to install a tool named Nikto, which checks servers for vulnerabilities. Ubuntu users can simply run the following command to get Nikto, while other Linux users might have to use the tarball from the Nikto website. The command is:
      sudo apt-get install nikto
Now, in the terminal, run:
      sudo nikto -host localhost
Nikto will list the holes it finds in your Apache server.
Check out the vulnerabilities and try to remove them. Have fun!