当前位置:网站首页>National vocational college skills competition network security competition -- detailed explanation of Apache security configuration
National vocational college skills competition network security competition -- detailed explanation of Apache security configuration
2022-07-24 18:33:00 【Wangzai sec】
Apache Security configuration
Mission environment description :
- Server scenario :A-Server
- Server scenario operating system : Linux
- Server user name :root; password :123456
- Open the server scenario (A-Server), Clear firewall rules from the command line . View the scene on the server apache edition , Submit the viewed service version string completely ;
Flag=Apache/2.2.23 (Unix)
- Detect this version in the server scenario apache Whether there is Show banner Information vulnerabilities , If validation exists , Modify the configuration file to reinforce this vulnerability , And restart Apache service , String the content of this item ( No status ) As flag Submit ;
Flag=ServerSignature
- Check whether the server scenario configuration can browse the system directory , If verification exists, this vulnerability will be in Apache In the configuration file , Find the system root directory /var/www Configuration properties of , Delete the permission of the original content of this attribute , And restart Apache service , Delete the string of this reinforcement item as flag Submit ;
Flag=Indexes
- Reasonably configure the server scenario apache Operating account of , And in httpd.conf Find the running account in , Take the account name configured for this service as flag Submit ;
Flag=nobody
- Configure the server scenario httpd.conf, Restrict forbidden folders , Verify that you can access /var/www/data Under the table of contents index.php, If this vulnerability exists, it needs to be reinforced , Take this reinforced complete string as flag Submit ;( Tips :(<Directory /var/www/data>)***</Directory>* The number is what needs to be added )
Flag=Deny from all
- Configure the server scenario httpd.conf, Limit the specific of some special directories ip visit , Such as internal interface, etc . Modify right data Configuration of directory , Restart apache service . Use the fixed part of the reinforcement item as flag Submit ;
Flag=allow from
边栏推荐
- 怎么解决idea中yaml无法识别或者飘红?
- Problems needing attention in writing pages
- 移动端实现0.5px的实用方案
- Get familiar with pytoch and pytoch environment configuration
- 微信小程序逆向
- Introduction to nipple music theory and personal perception
- 根证书的有效期与服务器SSL证书一样长吗?
- 8. = = and = = =?
- Ionic4 learning notes 10 rotation map of an East Project
- Common methods of string (2)
猜你喜欢
04-分布式资源管理系统YARN
开窗函数(1)-部门工资前三员工
理解动态计算图,requires_grad、zero_grad
下拉列表组件使用 iScroll.js 实现滚动效果遇到的坑
缺失值处理
Calling startActivity() from outside of an Activity context requires the FLAG_ACTIVITY_NEW_TASK flag
Windowing function (1) - top three employees of department salary
JMeter -- silent operation
QT - animation frame
Cf. bits and pieces (subset pressing DP + pruning)
随机推荐
Variable and immutable data types
[verification] only numbers (positive and negative numbers) can be entered
16. What is the difference between target and currenttarget?
4. Basic type and reference type?
Vsftpd2.3.4-端口渗透 6200 irc_3281_backdoor
steam API
奶头乐理论介绍及个人感悟
Array object methods commonly used traversal methods & higher-order functions
全国职业院校技能大赛网络安全竞赛之数据分析数字取证-A
【微信小程序开发】自定义tabBar案例(定制消息99+小红心)
Ionic4 learning notes 12 - a east project grid completes the list of goods
Wechat applet
永恒之蓝MS17-010exp复现
Go小白实现一个简易的go mock server
数组常用方法(2)
Generate publickey with der format public key and report an error
Cryptography knowledge - Introduction to encryption -1
QT - animation frame
Flatten array.Flat (infinity)
Common methods of string (2)