Take Back the Darknet [Part 7]

Part 7 - Hardening Apache and Secure Shell

Next up we harden Apache and OpenSSH for the glass is always half empty. Start off by editing the security configuration file for Apache2.

sudo nano /etc/apache2/conf-available/security.conf

Change

ServerTokens OS

to

ServerTokens Prod

and change

ServerSignature On

to

ServerSignature Off

Save and exit, Ctrl-O (Writeout) and Ctrl-X (Exit)

Edit the main Apache configuration file.

sudo nano /etc/apache2/apache2.conf

Add the line, you can substitute tim with something more relevant to your own
website.

"ServerName tim"

Then restart Apache2

sudo service apache2 restart

Edit the SSH daemon configuration file.

sudo nano /etc/ssh/sshd_config

Change

PermitRootLogin without-password

to

PermitRootLogin no

Change

Port 22

to

Port 38192

And restart the SSH service by doing a reboot.

sudo reboot

Logging in with SSH (Secure SHell) is now slightly different as we have changed the default port from 22 to 38192 (or any other number you wanted as long as it doesn’t clash with an existing one.

ssh tim@xxx.xxx.xxx.xxx -p 38192

Advance onward to part 8 or head back to the table of contents on page 1.

Leave a Reply