...And that’s why I usually hide as many server signatures as I can on production servers.
You won’t stop attackers from trying to own your Linux box, but this makes it less trivial for them to find common vulnerabilities in your exposed services. For example, when people connect to the SSH server on your CentOS box, they are welcomed with a gentle:
CentOS release --.-- (Final)
Kernel --- on an ---
NB: this eventually changed: on CentOS 6, at least, no SSH banner is shown by default. My personal favourite is to greet people in a slightly ‘colder’ way, with a banner like this:
__________________________________________________________
This is a monitored private system.
Do not attempt to login unless you are an authorized user.
- Note that your IP Address has just been logged -
- brute forcing/password guessing is a CRIME -
__________________________________________________________
To customize your banner, first save your message in a convenient place (let’s say you don’t want to overwrite the standard /etc/issue.net banner with the above message, so save the banner as a new file, say /etc/issue.net.ssh). Then edit /etc/ssh/sshd_config and add a Banner directive pointing to that file.
Don’t forget a service reload to activate the change.
At this point you may think it would be better not to give away too much information about the version of Apache your web server is running.
Good, just edit the Apache configuration file (on CentOS it’s /etc/httpd/conf/httpd.conf) and add the following lines:
ServerSignature Off
ServerTokens Prod
You may also want to keep information about your running PHP version private. Just modify this line in your PHP configuration file:
expose_php = Off
An Apache reload will gently do the trick.
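An added example, not part of the original post: a shell audit that reports whether the SSH, Apache and PHP settings discussed above are actually the effective ones in each file. It assumes sshd uses the first occurrence of a keyword and that the last occurrence wins in httpd.conf and php.ini, and it ignores Include files and Match blocks; the function names and sample configs are constructed for illustration.

```shell
# Print the effective value of a directive. $1=file $2=directive $3=first|last
# Handles "Name value" (sshd, Apache) and "name = value" (php.ini), skips
# "#" and ";" comment lines, and matches directive names case-insensitively.
effective_value() {
    awk -v want="$2" -v mode="$3" '
        /^[ \t]*[#;]/ { next }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/); if (n == 0) next
            key = substr(line, 1, n - 1); val = substr(line, n)
            gsub(/^[ \t=]+|[ \t]+$/, "", val)
            if (tolower(key) != tolower(want)) next
            if (mode == "first" && found) next
            found = 1; result = val
        }
        END { if (found) print result }
    ' "$1"
}
# Compare case-insensitively (Off/off); returns 0 on match. $4=expected value
check() {
    got=$(effective_value "$1" "$2" "$3")
    if [ "$(printf %s "$got" | tr A-Z a-z)" = "$(printf %s "$4" | tr A-Z a-z)" ]; then
        echo "PASS $2 = $got"
    else
        echo "FAIL $2 = ${got:-<unset>} (expected $4)"; return 1
    fi
}
# $1=sshd_config $2=httpd.conf $3=php.ini; return status = number of failures.
audit_signatures() {
    fails=0
    # Assumption: sshd keeps the first value it reads; the others keep the last.
    check "$1" Banner first /etc/issue.net.ssh || fails=$((fails + 1))
    check "$2" ServerSignature last Off        || fails=$((fails + 1))
    check "$2" ServerTokens last Prod          || fails=$((fails + 1))
    check "$3" expose_php last Off             || fails=$((fails + 1))
    return "$fails"
}
# Constructed sample configs (not from a real host) so this runs offline.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#Banner none' 'Banner /etc/issue.net.ssh' 'Banner none' > "$d/sshd_config"
    printf '%s\n' 'ServerTokens OS' 'ServerSignature Off' 'ServerTokens Prod' > "$d/httpd.conf"
    printf '%s\n' '; expose_php = Off' 'expose_php = On' > "$d/php.ini"
    audit_signatures "$d/sshd_config" "$d/httpd.conf" "$d/php.ini"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "failed checks: $?"
```

On a real host, call audit_signatures with the three config paths after each reload; the constructed sample fails only on expose_php, whose sole "Off" line is commented out.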
There are loads of services exposed out there, so feel free to suggest your tips.