
[cobalt-security] wish to Cobalt: suppressing "sensitive" information



Hello,

I have a wish for Cobalt: suppressing "sensitive" information. I want
as much information as possible NOT to be shown, especially program
version numbers. A lot of hacks are only for specific versions, and it
is very easy for a hacker to find out the versions used on a Cobalt.

I could change some things myself, but
1. I do not want to void my warranty, and
2. I do not want to "interfere" with Cobalt's tools :)

I mean the following things:

1.
In the FTP server, with a simple entry in the config file, the version
number and FTP server software are not shown, just something like
"Welcome to FTP". Please use that feature.

2.
On http://www.netcraft.com/whats/ , one can easily see the HTTP
server used. Instead of showing
"Apache/1.3.6 (Unix) mod_perl/1.21 mod_ssl/2.2.8 OpenSSL/0.9.2b",
with a simple entry in httpd.conf, it could just be
"Apache".

3.
When logging on via telnet, one sees the Cobalt OS revision and kernel
version.

Cobalt Linux release 5.0 (Pacifica)
Kernel 2.2.14C10 on an i586

If the file /etc/issue.net were removed/renamed, no information
would be shown. So do it ;-)

4.
Same when telnetting to port 25 or 110: you see
sendmail's/qpopper's version. Can be turned off in the config file.

Is it possible that you release these things as a patch?

Thanks so much in advance,
Florian

-- 
Florian Effenberger
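
An added example, not part of the original message: a small banner audit an administrator can run against their own host to confirm which of the greetings listed above still disclose version strings. The function names and regular expressions are assumptions of this example; the sample banners are the ones quoted in the message.

```python
import re
import socket

# Product/version tokens such as "Apache/1.3.6" or "mod_ssl/2.2.8".
SLASH_TOKEN = re.compile(r"\b[A-Za-z][\w.+-]*/\d+(?:\.\d+)+[\w.-]*")
# A word followed by a dotted number, such as "release 5.0" or "Kernel 2.2.14C10".
WORD_TOKEN = re.compile(r"\b[A-Za-z][\w-]*\s+v?\d+(?:\.\d+)+\w*")


def version_leaks(banner):
    """Return the version-bearing tokens found in one banner string."""
    leaks = [m.group(0) for m in SLASH_TOKEN.finditer(banner)]
    leaks += [m.group(0) for m in WORD_TOKEN.finditer(banner)]
    return leaks


def read_banner(host, port, timeout=5.0):
    """Read the greeting a service on your own host sends on connect
    (FTP, SMTP and POP3 speak first; HTTP does not)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        return s.recv(1024).decode("latin-1", "replace").strip()


def audit(banners):
    """Map each service label to its leaked tokens; an empty list means clean."""
    return {name: version_leaks(text) for name, text in banners.items()}


# Banners quoted in the message, next to the terse forms it asks for.
SAMPLE = {
    "http-before": "Apache/1.3.6 (Unix) mod_perl/1.21 mod_ssl/2.2.8 OpenSSL/0.9.2b",
    "http-after": "Apache",
    "telnet-before": "Cobalt Linux release 5.0 (Pacifica)\nKernel 2.2.14C10 on an i586",
    "ftp-after": "Welcome to FTP",
}

if __name__ == "__main__":
    for name, leaks in audit(SAMPLE).items():
        print(f"{name:14} {'LEAK ' + ', '.join(leaks) if leaks else 'ok'}")
```

To check live greetings, pass `read_banner("localhost", 21)` and similar calls for ports 25 and 110 as the values of the dictionary given to `audit`.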