From c1620cbfd05f9019ed6a929769624a1894920de3 Mon Sep 17 00:00:00 2001 From: frank Date: Fri, 16 Mar 2012 17:04:26 -0700 Subject: [PATCH] Bug 14347 - Security: Extra files on Secondary Storage VM's Apache root status 14347: resolved fixed --- .../systemvm/debian/config/etc/init.d/cloud-early-config | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config index 7c0e50da142..d3aefbe4788 100755 --- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config +++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config @@ -405,6 +405,10 @@ setup_apache2() { [ -f /etc/apache2/ports.conf ] && sed -i -e "s/NameVirtualHost .*:80/NameVirtualHost $ip:80/g" /etc/apache2/ports.conf [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security + + # Disable listing of http://SSVM-IP/icons folder for security issue. see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/ + [ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf + echo "Options -Indexes" > /var/www/html/.htaccess } @@ -631,7 +635,7 @@ setup_secstorage() { setup_sshd $ETH0_IP fi setup_apache2 $ETH2_IP - + disable_rpfilter enable_fwding 0 enable_svc haproxy 0
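Review bot: The replacement text in the alias.conf `sed` writes `Options -Indexes MultiViews`, which mixes a signed option with an unsigned one; Apache 2.2 documents this as likely to give unexpected results and Apache 2.4 refuses to start on it, so the hardening may not apply as intended or may take the web server down. A consistent form avoids both and matches the quoting of the lines above: `sed -i -e 's/Options Indexes MultiViews/Options -Indexes +MultiViews/' /etc/apache2/mods-available/alias.conf`. The `.htaccess` line only takes effect if the site config grants `AllowOverride Options` (or `All`) for `/var/www/html`, which cannot be confirmed here because setup_apache2 starts outside the hunk. Its `>` redirect also overwrites any existing file and fails if the directory is missing. Setting `Options -Indexes` in the site's `<Directory>` block would be more dependable, and running `apache2ctl configtest` after the edits would catch a broken config before the service starts.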