Bug #14667
closed
Added by Brian Shaw about 9 years ago.
Updated over 7 years ago.
Category: External modules
Description
TRACE should be disabled in Apache per CERT Vulnerability Note VU#867593 (http://www.kb.cert.org/vuls/id/867593).
The attached patch file disables TRACE, ServerSignature, and minimizes ServerTokens to reduce the gathering of attack vector data in a production environment.
Files
Actually attaching the patch file.
- Project changed from Foreman to Installer
- Category changed from Security to External modules
- Status changed from New to Feedback
I'm guessing you're using the Foreman installer? If so, the Apache configuration is managed by the puppetlabs-apache module, so I'd recommend sending a patch to that project if they'll accept it to change the defaults: https://github.com/puppetlabs/puppetlabs-apache
Thank you for the quick response. I am using the installer, but didn't realize that was part of puppet. I will file a change request with them.
Brian
- Status changed from Feedback to Rejected
- Status changed from Rejected to Closed
- Pull request https://github.com/theforeman/foreman-installer/pull/236 added
- Bugzilla link set to 1271144
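
Added example (not the attached patch and not Foreman or puppetlabs-apache code): a small Python audit that reports which of the three directives named in the description, TraceEnable, ServerSignature and ServerTokens, are not at the hardened value in an Apache configuration. The sample configuration and the names `effective_settings` and `audit` are constructed for illustration, and the parser assumes a single flat file where the last occurrence wins, with no Include or per-vhost scoping.

```python
# Apache httpd built-in defaults, used when a directive is absent.
DEFAULTS = {"traceenable": "on", "serversignature": "off", "servertokens": "full"}

# Values matching the bug description: TRACE off, no signature, minimal tokens.
HARDENED = {
    "traceenable": {"off"},
    "serversignature": {"off"},
    "servertokens": {"prod", "productonly"},
}

# Constructed sample input, not taken from any real host.
SAMPLE_CONF = """\
# constructed sample httpd.conf fragment
ServerTokens OS
ServerSignature On
# TraceEnable Off   (commented out, so the default applies)
<VirtualHost *:443>
    ServerName foreman.example.com
</VirtualHost>
"""


def effective_settings(conf_text):
    """Return the effective value of each audited directive (last one wins)."""
    settings = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no directive
        parts = line.split(None, 1)
        name = parts[0].lower()  # directive names are case-insensitive
        if name in settings and len(parts) == 2:
            settings[name] = parts[1].strip().strip('"').lower()
    return settings


def audit(conf_text):
    """Return {directive: effective_value} for every directive not hardened."""
    effective = effective_settings(conf_text)
    return {k: v for k, v in effective.items() if v not in HARDENED[k]}


if __name__ == "__main__":
    for directive, value in sorted(audit(SAMPLE_CONF).items()):
        print(f"{directive}: effective value '{value}' is not hardened")
```
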