Install and Configure
With Ubuntu installing is very straightforward,
...
If you load up your browser and type in the ip address of your server you will see a simple page letting you know Apache is working.
Provide Server Name
Apache is working fine, but during restart you will get the warning message, "apache2: Could not reliably determine the server's fully qualified domain name, using ...".
...
| Code Block | ||
|---|---|---|
| ||
ServerName tinman |
Apache Basic Server Hardening
Here are some of the basic hardening steps I take today.
| Note |
|---|
As with any security notes, I will write a disclaimer that there are more advanced ways to secure Apache. You can go as far as compiling your own custom version but that's out of scope for now. |
Edit /etc/apache2/conf.d/security
set ServerTokens Prod - This turns off all the extra header information sent by Apache. Primarily, it would let a client know what version of Apache is being used. The information could be used to look up vulnerabilities on the particular version of Apache you are running.
...