Module: check_mk
Branch: master
Commit: 844e2472a0307fb5215ac8a549b2c2556fff7359
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=844e2472a0307f…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Feb 12 18:27:42 2019 +0100

7083 SEC Apache sends out minimal information about the running software and platform to HTTP clients

The site apache reports information about the running software and platform to
the HTTP clients with each HTTP response using the "Server" HTTP header. It is
common practice to minimize this information using the apache configuration
option "ServerTokens Prod" which we do now for the site apache by default.

We don't modify this setting for the system wide apache. You'll have to
configure the system apache on your own in case you want to configure it to
work in the same way.

Change-Id: Ia70eb2a59ceeb4f2578e551a217abfecae8e9214
---
.werks/7083 | 17 +++++++++++++++++
.../apache-omd/skel/etc/apache/conf.d/security.conf | 3 +++
2 files changed, 20 insertions(+)
diff --git a/.werks/7083 b/.werks/7083
new file mode 100644
index 0000000..89da113
--- /dev/null
+++ b/.werks/7083
@@ -0,0 +1,17 @@
+Title: Apache sends out minimal information about the running software and platform to
HTTP clients
+Level: 1
+Component: omd
+Compatible: compat
+Edition: cre
+Version: 1.6.0i1
+Date: 1549992283
+Class: security
+
+The site apache reports information about the running software and platform to
+the HTTP clients with each HTTP response using the "Server" HTTP header. It is
+common practice to minmize this information using the apache configuration
+option "ServerTokens Prod" which we do now for the site apache by default.
+
+We don't modify this setting for the system wide apache. You'll have to
+configure the system apache on your own in case you want to configure it to
+work in the same way.
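Review bot: "minmize" in the werk body (the line beginning "+common practice to") is a typo for "minimize" and should be fixed in this file, since it is the change description. The text would also be more useful if it said what clients still receive: with "ServerTokens Prod" the header is reduced to "Server: Apache", so the product name stays visible and only the version, OS and module details are dropped. One sentence stating that would stop readers from expecting the header to disappear entirely.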
diff --git a/omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf
b/omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf
index 8f1d5c1..54635fd 100644
--- a/omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf
+++ b/omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf
@@ -40,3 +40,6 @@
Header always unset Content-Security-Policy
</FilesMatch>
</IfModule>
+
+# Provide minimal information about the running software version and platform to clients
+ServerTokens Prod
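Review bot: the comment above "ServerTokens Prod" says "minimal information" without saying what that is; suggest naming the resulting value, for example "# Reduce the Server response header to 'Apache' (no version, OS or module list)", so an admin reading security.conf can check the effect against a response. Placing the directive at top level after the closing "</IfModule>" is right, because ServerTokens is a core directive and needs no module guard. The visible context shows no ServerSignature setting; if the file does not set it elsewhere, consider adding an explicit "ServerSignature Off" next to this line so the footer on server-generated pages is covered by the same stated intent.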