public inbox for gentoo-doc-cvs@lists.gentoo.org
From: Sven Vermeulen <swift@stork.gentoo.org>
To: gentoo-doc-cvs@lists.gentoo.org
Subject: [gentoo-doc-cvs] cvs commit: shb-services.xml
Date: Fri, 13 Jun 2008 20:02:26 +0000
Message-ID: <E1K7FTe-00076y-E7@stork.gentoo.org>

swift       08/06/13 20:02:26

  Modified:             shb-services.xml
  Log:
  #223843 - Updates on ssh and apache configurations

Revision  Changes    Path
1.9                  xml/htdocs/doc/en/security/shb-services.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-services.xml?rev=1.9&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-services.xml?rev=1.9&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-services.xml?r1=1.8&r2=1.9

Index: shb-services.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- shb-services.xml	8 Jul 2007 21:31:31 -0000	1.8
+++ shb-services.xml	13 Jun 2008 20:02:26 -0000	1.9
@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v 1.8 2007/07/08 21:31:31 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v 1.9 2008/06/13 20:02:26 swift Exp $ -->
 <!DOCTYPE sections SYSTEM "/dtd/book.dtd">
 
 <!-- The content of this document is licensed under the CC-BY-SA license -->
@@ -7,8 +7,8 @@
 
 <sections>
 
-<version>1.4</version>
-<date>2007-07-08</date>
+<version>1.5</version>
+<date>2008-06-13</date>
 
 <section>
 <title>Apache</title>
@@ -23,34 +23,40 @@
 
 <p>
 If you did not disable <c>ssl</c> in your <path>/etc/make.conf</path> before
-installing Apache, you should have access to an ssl enabled server. Just add the
-following line to enable it.
+installing Apache, you should have access to an ssl enabled server. Inside
+<path>/etc/apache2/vhosts.d</path> example configuration files can be found.
+These are working examples and it is best to verify those or disable them.
 </p>
 
-<pre caption="/etc/conf.d/apache">
-HTTPD_OPTS="-D SSL"
-</pre>
+<p>
+It is important to define your configuration(s) to listen to a particular IP
+address (rather than all available IP addresses on your system). For instance,
+for the <path>00_default_vhost.conf</path> file:
+</p>
 
-<pre caption="/etc/apache/conf/apache.conf">
-#Make it listen on your ip
+<pre caption="/etc/apache2/vhosts.d/00_default_vhost.conf">
+<comment># Make it listen on your ip</comment>
 Listen 127.0.0.1
-BindAddress 127.0.0.1
-#It is not a good idea to use nobody or nogroup -
-#for every service not running as root
-#(just add the user apache with group apache)
-User apache
-Group apache
-#Will keep apache from telling about the version
+</pre>
+
+<p>
+We also recommend you to disable showing any information about your Apache
+installation to the world. By default, the configuration will add server version
+and virtual host name to server-generated pages. To disable this, change the
+<c>ServerSignature</c> variable to <c>Off</c>:
+</p>
+
+<pre caption="/etc/apache2/modules.d/00_default_settings.conf">
 ServerSignature Off
-ServerTokens Prod
 </pre>
 
 <p>
 Apache is compiled with <c>--enable-shared=max</c> and
 <c>--enable-module=all</c>. This will by default enable all modules, so you
 should comment out all modules in the <c>LoadModule</c> section
-(<c>LoadModule</c> and <c>AddModule</c>) that you do not use. Restart the
-service by executing <c>/etc/init.d/apache restart</c>.
+(<c>LoadModule</c> and <c>AddModule</c>) that you do not use in the main
+<path>/etc/apache2/httpd.conf</path> configuration file. Restart the
+service by executing <c>/etc/init.d/apache2 restart</c>.
 </p>
 
 <p>
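Review bot: removing `ServerTokens Prod` from the example undercuts the new paragraph's goal of not showing "any information about your Apache installation to the world". As that paragraph itself says, `ServerSignature Off` only affects server-generated pages; the `Server` response header is governed by `ServerTokens`, so the version is still sent on every response. Suggest keeping `ServerTokens Prod` next to `ServerSignature Off` in the 00_default_settings.conf example. Two smaller points in the same hunk: the `User apache` / `Group apache` advice is dropped without saying where the run-as account is now set, and the retained `Listen 127.0.0.1` has no port, which Apache 2 requires (for example `Listen 127.0.0.1:80`).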
@@ -301,7 +307,8 @@
 <p>
 Netqmail is often considered to be a very secure mail server. It is written with
 security (and paranoia) in mind. It does not allow relaying by default and has
-not had a security hole since 1996. Simply <c>emerge netqmail</c> and go configure!
+not had a security hole since 1996. Simply <c>emerge netqmail</c> and go
+configure!
 </p>
 </body>
 </section>
@@ -405,7 +412,10 @@
 
 <p>
 Also verify that you don't have <c>UsePAM yes</c> in your configuration file as
-it overrides the public key authentication mechanism.
+it overrides the public key authentication mechanism, or you can disable either
+<c>PasswordAuthentication</c> or <c>ChallengeResponseAuthentication</c>. More
+information about these options can be found in the <path>sshd_config</path>
+manual page.
 </p>
 
 <p>
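Review bot: the added clause "or you can disable either PasswordAuthentication or ChallengeResponseAuthentication" reads as a full alternative to removing `UsePAM yes`, but the paragraph is about keeping public key authentication from being overridden, and turning off only one of the two options leaves the other enabled. Suggest stating explicitly which setting(s) must be `no` when `UsePAM yes` is kept, rather than "either". Also, the manual page reference is marked up as `<path>sshd_config</path>`; since it names a man page rather than a file location, something like `<c>man sshd_config</c>` would be clearer.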



-- 
gentoo-doc-cvs@lists.gentoo.org mailing list


