| Linode Forum https://forum.linode.com/ |
|
| Masking exim and cyrus-imapd version from nmap scan https://forum.linode.com/viewtopic.php?f=11&t=5230 |
| Author: | lava-22 [ Mon Feb 22, 2010 4:23 am ] |
| Post subject: | Masking exim and cyrus-imapd version from nmap scan |
I'm new to Linode and very happy thus far. I've spent the last couple weeks observing/securing my server. I'm pretty new to all of this, so I can't say one way or another whether my server is secure. Each day I learn new things and apply what I can. One tool I've used as a sanity check from the outside is nmap. I use it to see what ports are open for an observer from the outside. I'm running Fedora Core 11.

When a user queries my server with the following command:

Code:
nmap -T4 -A -v www.<my-domain-name>.com

the following pertinent data is returned:

...
...
Discovered open port 80/tcp on xx.xx.xxx.xxx
Discovered open port 25/tcp on xx.xx.xxx.xxx
Discovered open port 993/tcp on xx.xx.xxx.xxx
Discovered open port 995/tcp on xx.xx.xxx.xxx
Discovered open port 465/tcp on xx.xx.xxx.xxx
Discovered open port 143/tcp on xx.xx.xxx.xxx
...
...
PORT STATE SERVICE VERSION
22/tcp closed ssh
25/tcp open smtp Exim smtpd 4.69
...
80/tcp open http Apache httpd 2.2.13
113/tcp closed auth
143/tcp open imap Cyrus IMAP4 2.3.16-Fedora-RPM-2.3.16-1.fc11
443/tcp closed https
465/tcp open ssl/smtp Exim smtpd 4.69
|_ SSLv2: server still supports SSLv2
993/tcp open ssl/imap Cyrus imapd
|_ SSLv2: server still supports SSLv2
995/tcp open ssl/pop3 Cyrus pop3sd
|_ SSLv2: server still supports SSLv2
...

I'd like not to broadcast what versions of Exim, Cyrus and Apache I'm using if possible. I would think this info only helps the hacker get in.

Thanks in advance for your help.

Lava |
|
| Author: | pclissold [ Mon Feb 22, 2010 8:47 am ] |
| Post subject: | |
Recent versions of nmap have a pretty comprehensive set of service and version probes. You could try psad - caveat: I haven't tried it, YMMV. |
|
| Author: | rsk [ Mon Feb 22, 2010 10:36 am ] |
| Post subject: | |
*sigh*

Apache:
http://httpd.apache.org/docs/2.2/mod/co ... rsignature
http://httpd.apache.org/docs/2.2/mod/co ... rvertokens

Exim:
http://www.exim.org/exim-html-current/d ... l#SECID112 , look for smtp_banner (I believe it HAS to begin with "$smtp_active_hostname ESMTP" for RFC-compliancy; "$smtp_active_hostname ESMTP Exim $version_number $tod_full" is the default, "$smtp_active_hostname ESMTP $tod_full" is a good "safe" option)

And first Google hit for "cyrus imap banner":
http://www.mail-archive.com/info-cyrus@ ... 36163.html

Quote:
> I have been googling over there and haven't find the answer to my question
> just another man looking for the same as me... I wanted to change the banner
> that cyrus imap and pop sends when you connect to them... basically the
> server greeting... I think it could be quite dangerous to show the version
> you're running... even the server you're running. Please could be anyway of
> doing this? how could I get my goal? For example when you telnet to port 110
> or 143 to be shown :
> +OK IMAP Server
> and nothing else....

man imapd.conf

<quote>
serverinfo: on
The server information to display in the greeting and capability responses. Information is displayed as follows:
"off" = no server information in the greeting or capabilities
"min" = servername in the greeting; no server information in the capabilities
"on" = servername and product version in the greeting; product version in the capabilities
Allowed values: off, min, on
</quote>

Seems that imapd.conf applies to POP too... and if not, there's probably equivalent option in popd.conf. YMMV, I use Dovecot.

No idea how Fedora's apache and exim config layouts look, so you'll need to grep, I guess.

IMO, hiding version IDs doesn't help much... But hey, if you want it... |
|
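A check to run after changing ServerTokens, smtp_banner and serverinfo, added here as an example (it is not code from any poster in the thread): it classifies a greeting line as disclosing a version, a product name only, or neither. The sample banners, the hostname mail.example.com and all function names are constructed for illustration.

```python
import re
import socket

# Dotted version strings such as 4.69 or 2.3.16-Fedora-RPM-2.3.16-1.fc11.
# Dates and times in a banner (22 Feb 2010 04:23:00 -0500) contain no
# digit.digit run, so they do not match; a bare IP address would.
VERSION_RE = re.compile(r"(?<![\d.])\d+(?:\.\d+)+[\w.\-]*")
# Products discussed in the thread; extend the tuple for other daemons.
PRODUCTS = ("exim", "cyrus", "apache")

# Constructed sample greetings (not captured from a real server).
SAMPLES = {
    "smtp default": "220 mail.example.com ESMTP Exim 4.69 Mon, 22 Feb 2010 04:23:00 -0500",
    "smtp masked": "220 mail.example.com ESMTP Mon, 22 Feb 2010 04:23:00 -0500",
    "imap default": "* OK mail.example.com Cyrus IMAP4 v2.3.16-Fedora-RPM-2.3.16-1.fc11 server ready",
    "imap masked": "* OK mail.example.com server ready",
    "http default": "Server: Apache/2.2.13 (Fedora)",
    "http prod": "Server: Apache",
}

def audit_banner(banner):
    """Return the product names and version strings one greeting line reveals."""
    low = banner.lower()
    return {"products": [p for p in PRODUCTS if p in low],
            "versions": VERSION_RE.findall(banner)}

def verdict(banner):
    """Classify a greeting: 'version-disclosed', 'product-only' or 'masked'."""
    found = audit_banner(banner)
    if found["versions"]:
        return "version-disclosed"
    return "product-only" if found["products"] else "masked"

def grab_greeting(host, port, timeout=5.0):
    """Read the first line from a service that speaks first (SMTP, IMAP, POP3)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return sock.recv(1024).decode("latin-1").split("\n", 1)[0].strip()

if __name__ == "__main__":
    for name, banner in SAMPLES.items():
        print(f"{name:13} {verdict(banner):18} {audit_banner(banner)}")
    # Against your own host: print(verdict(grab_greeting("mail.example.com", 25)))
```

A "product-only" result, as with the "Server: Apache" sample, means the version is gone but the daemon is still named in the greeting.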
| All times are UTC-04:00 |