Dave's Brain

Browse - computer tips - safer greetings

Date: 2007nov7
Subject: Security Through Obscurity

Q.  Can I make my Internet-facing daemons more secure?

A.  Its a good idea not to give potienal hackers the name
and version of your server.  They might know a crack for it.
Many Linux servers do just this by default.
You can change the following configuration files to display
a generic greeting:

Davecot
-------
File /etc/dovecot.conf
	login_greeting = IMAP/POP Server ready

vsftpd
------
File /etc/vsftpd/vsftpd.conf
	ftpd_banner=FTP Server ready

Proftpd
-------
File /etc/proftpd.conf
	ServerIdent on "FTP Server ready"

Postfix
-------
File /etc/postfix/main.cf
	#smtpd_banner = $myhostname ESMTP $mail_name
	#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
	mail_name = The-Mailer

Apache
------
File /etc/http/conf/httpd.conf
	ServerTokens Prod
	ServerSignature Off

Test
----
Restart the services and check with these commands:

telnet localhost pop3 </dev/null

sleep 1 | telnet localhost ftp

telnet localhost smtp </dev/null

Test Apache my hitting an page that doesn't exist:
http://www.example.com/page_that_does_not_exist

Add a comment

Sign in to add a comment
Copyright © 2008, dave - Code on Dave's Brain is licensed under the Creative Commons Attribution 2.5 License.