Bullet-proof Apache: Nikto Security Scanner

If you’ve ever been responsible for maintaining an Apache web server, you know how important security is.

Nikto provides an easy way to scan your Apache server for known (and unknown) vulnerabilities. In fact, its fairly comprehensive checks cover over 200 web servers, not just Apache. To run a security scan, download the tool and extract the archive to the desired location. Then, from the Nikto directory, start a scan with:

[code]

./nikto.pl -host [ip address]

[/code]

Note: when specifying an IP address, make sure you use the external IP of your web server, not the internal IP.

Here is what my results look like:

[code]
- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ Target IP:          10.0.0.1
+ Target Hostname:    blurred for security
+ Target Port:        80
+ Start Time:         2009-01-26 16:44:36
---------------------------------------------------------------------------
+ Server: Apache
+ OSVDB-3092: GET /manual/ : Web server manual found.
+ OSVDB-3268: GET /manual/images/ : Directory indexing is enabled: /manual/images
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3577 items checked: 3 item(s) reported on remote host
+ End Time:        2009-01-26 16:45:25 (49 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -host 10.0.0.1
---------------------------------------------------------------------------
[/code]

I would then look up each result and fix it, repeating until no issues are detected. See the OSVDB IDs? These IDs are found in the Open Source Vulnerability Database. Each ID will contain a description, classification, and solution.

To aid in your research, I have created an OSVDB Firefox search plugin.  Install the plugin and then search for 3092, 3268, 3233, etc.
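To build the list of IDs to look up straight from a saved report, the following added example (not part of the original post) parses Nikto's text output into one line per finding and checks the result against Nikto's own summary count. The function names and the embedded sample are constructed for illustration, and the parser assumes every finding line carries an OSVDB ID, as in the output above.

```shell
#!/bin/sh
# Added example: turn a saved Nikto text report into an OSVDB lookup worklist.

# Constructed sample, following the layout of the scan output shown above.
sample_report() {
cat <<'EOF'
- Nikto v2.03/2.04
+ Target IP:          10.0.0.1
+ Target Port:        80
+ Server: Apache
+ OSVDB-3092: GET /manual/ : Web server manual found.
+ OSVDB-3268: GET /manual/images/ : Directory indexing is enabled: /manual/images
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3577 items checked: 3 item(s) reported on remote host
EOF
}

# One tab-separated line per finding: OSVDB id, HTTP method, path, description.
nikto_findings() {
  awk '/^[+] OSVDB-[0-9]+: / {
    id = $2; sub(/^OSVDB-/, "", id); sub(/:$/, "", id)
    desc = $0; sub(/^[^:]*: [^ ]+ [^ ]+ : /, "", desc)
    printf "%s\t%s\t%s\t%s\n", id, $3, $4, desc
  }'
}

# Unique OSVDB ids in numeric order, ready to look up one by one.
osvdb_ids() {
  nikto_findings | cut -f1 | sort -un
}

# The "N item(s) reported" figure from Nikto's own summary line.
nikto_reported_count() {
  awk '/^[+] [0-9]+ items checked: / { print $5; exit }'
}

# Succeeds only if the parsed findings match the summary count; a mismatch
# means the report is truncated or has findings not in the OSVDB-id form.
nikto_report_consistent() (
  report=$(cat)
  parsed=$(printf '%s\n' "$report" | nikto_findings | wc -l | tr -d ' ')
  reported=$(printf '%s\n' "$report" | nikto_reported_count)
  [ -n "$reported" ] && [ "$parsed" -eq "$reported" ]
)

sample_report | nikto_findings
```

Pipe a real report into `osvdb_ids` after each rescan; the list shrinks as issues are fixed.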

Hopefully this makes securing your web server quick & painless.

 

About Benjamin Perove

Benjamin has been associated with computer technology starting from a very early age, and has contributed to the success of many businesses and enterprises since 2001. He loves to crush pow at Keystone, play acoustic guitar, climb rocks, and ascend mountains on his road bike. Benjamin is an Avalanche fan and currently resides in Boulder, Colorado.

Find Linux CPU Temperature

The easiest way to get a CPU temperature readout from Linux is by looking at an ACPI function called temperature:
[code]
cat /proc/acpi/thermal_zone/THRM/temperature
[/code]

You could also try sensors-detect and then sensors, but I had some trouble detecting the correct modules on 8-year-old hardware.

 


Install Microsoft TrueType Fonts in Fedora and Ubuntu

When it comes to typography, Microsoft TrueType fonts are both visually appealing and aesthetically pleasing. They’re found all over the web, usually specified in stylesheets. Unfortunately for Linux users, the most common TTFs aren’t installed (by default, that is). Instead, they are replaced by generic equivalents. With these font packages installed, you will see websites as the designer intended.

The Microsoft TrueType fonts package includes:

  • Andale Mono
  • Arial Black
  • Arial (Bold, Italic, Bold Italic)
  • Comic Sans MS (Bold)
  • Courier New (Bold, Italic, Bold Italic)
  • Georgia (Bold, Italic, Bold Italic)
  • Impact
  • Times New Roman (Bold, Italic, Bold Italic)
  • Trebuchet (Bold, Italic, Bold Italic)
  • Verdana (Bold, Italic, Bold Italic)
  • Webdings

Installing MS TrueType fonts in Ubuntu

You can install the MS core fonts by installing the msttcorefonts package. You will need to enable the “Universe” component of the repositories (done by default in Feisty & Hardy). After that, run the following from the command line:

[code]
sudo apt-get install msttcorefonts
[/code]

While this gives you the core fonts, it also gives you the ability to install any other font by simply copying the .TTF to the ~/.fonts/ directory.

When installing new fonts, you’ll need to re-login to be able to see & use them. Optionally, this step can be bypassed by regenerating the fonts cache with:

[code]
sudo fc-cache -fv
[/code]

Installing MS TrueType fonts in Fedora

Yep, a few extra steps in Fedora, but still a cinch. From the shell:

[code]
cd /tmp
wget http://corefonts.sourceforge.net/msttcorefonts-2.0-1.spec
yum install rpm-build cabextract
rpmbuild -ba msttcorefonts-2.0-1.spec
yum localinstall --nogpgcheck \
/usr/src/redhat/RPMS/noarch/msttcorefonts-2.0-1.noarch.rpm
[/code]

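That should do it. Reinitialize the font cache, re-login or reboot and have another look at this site (with Georgia). Note that the spec file is downloaded over plain HTTP and the package is installed with --nogpgcheck, so nothing in these steps verifies what you fetched; read the spec file before running rpmbuild.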

 


Upgrade Fedora 8 to Fedora 9 Using PreUpgrade

Fedora 9 was released this past Tuesday. The upgrade process has changed slightly, with the Fedora Project integrating a new tool called PreUpgrade.

To upgrade, make sure your system is fully updated with:

[code]
yum -y update
[/code]

and reboot when the process has completed successfully (in case it installed a new kernel).

From here, we can install the new PreUpgrade with:

[code]
yum install preupgrade
[/code]

When that finishes, kick it off with:

[code]
preupgrade &
[/code]

As we proceed through the wizard, your screens will resemble:

F9 Upgrade 1

Click Forward.

F9 Upgrade 2

The new release will be chosen by default. Click Apply.

F9 Upgrade 3

At this point, new packages are downloaded which may take some time. Grab some coffee while the downloads transfer.

F9 Upgrade 4

Finished! Reboot and we will see a screen like this:

F9 Upgrade 5

The remaining portion of the upgrade will be completed by Anaconda, which took approximately 5 hours on my system. Proceed by clicking Next.

F9 Upgrade 6

“Upgrade an existing installation” is preselected, hit Next to continue.

F9 Upgrade 7

Here you are prompted to upgrade the GRUB boot loader. This is the best thing to do. Click Next. The following series of screens is shown as the upgrade progresses:

F9 Upgrade 8

F9 Upgrade 9

F9 Upgrade 10

F9 Upgrade 11

Ah, here we are. We find ourselves at the final screen, indicating the success of the upgrade. Word. Reboot. And that should conclude the process.

In my opinion, this upgrade was 1000x better than the upgrade from F7 to F8. I ran into all kinds of issues then, but this was better.

Having gone through the steps now, what was your upgrade experience like?

 


Disable IPv6 in Ubuntu 8.04

Some may find that out-of-the-box, Hardy Heron’s network performance is painfully slow. By default, IPv6 is enabled, and chances are good that your nearest router can’t speak the language or interpret DNS requests efficiently.

To disable IPv6, open a shell and append the following to /etc/modprobe.d/blacklist:

[code]
# disable ipv6
blacklist ipv6
[/code]

Reboot.

To verify that IPv6 is disabled, run:

[code]
lsmod | grep ipv6
[/code]

or

[code]
ip a | grep inet6
[/code]

The commands shouldn’t return any information. Firefox browsing speeds should be much improved.

 
