Tag: Ubuntu

Hide Apache server signature

By default, Apache writes a server signature into its HTTP responses. On a production server this is not recommended, because it gives attackers more to work with. Web servers like to advertise themselves, which is why they add their signature to HTTP responses by default.

In this post I will show you how to hide the unnecessary Apache server signature.

Tested on Ubuntu 14.04 and Ubuntu 12.04.

At the beginning

First, look at what your server's HTTP response looks like now. Make an HTTP request, e.g. with curl:

$ curl -I http://yourdomain.com

That is your HTTP header, and now you can see exactly what information Apache gives to the client. We want to limit the information about our server that is visible from outside.

Hide Apache signatures

First, open the Apache configuration file apache2.conf:

$ sudoedit /etc/apache2/apache2.conf

Add the two lines below to apache2.conf:

ServerTokens Prod
ServerSignature Off

Save the file and reload the Apache daemon:

$ sudo service apache2 reload

Also hide PHP information

If you are using PHP, the HTTP header also contains some information about PHP. Here is how to hide it.

Open php.ini

$ sudoedit /etc/php5/apache2/php.ini

By default expose_php is set to On; now set it to Off:

; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header).  It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
expose_php = Off

After the changes you have to reload Apache:

$ sudo service apache2 reload

Now you’re a little safer.
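To confirm that both settings took effect, the following added example (not part of the original post) reads a block of response headers and flags a Server value that still carries version or OS details, or any X-Powered-By header. The function names and the sample header blocks are assumptions made for this illustration; the Server value in the first sample is the one shown in the Varnish test output on this page, and the other sample lines are constructed.

```shell
#!/bin/sh
# Added example: audit HTTP response headers for version disclosure.
# Reads a raw header block on stdin, prints one line per finding,
# and returns 0 when nothing leaks, 1 otherwise.
audit_headers() {
    awk '
        {
            sub(/\r$/, "")                          # strip CR from CRLF line ends
            name = tolower($0); sub(/:.*/, "", name)
            value = $0;         sub(/^[^:]*:[ \t]*/, "", value)
        }
        # With ServerTokens Prod the banner is the bare product name, so a
        # "/", "(" or digit means version or OS details are still being sent.
        name == "server" && value ~ "[/(0-9]" {
            print "LEAK Server: " value; bad = 1
        }
        # expose_php = On makes PHP add an X-Powered-By header.
        name == "x-powered-by" {
            print "LEAK X-Powered-By: " value; bad = 1
        }
        END { exit bad + 0 }
    '
}

# Server value as shown in the Varnish test output on this page, plus a
# constructed X-Powered-By line for a host with expose_php = On.
sample_default() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: Apache/2.2.22 (Ubuntu)' \
        'X-Powered-By: PHP/5.5.9' 'Content-Type: text/html' ''
}

# Constructed: the same response after ServerTokens Prod and expose_php = Off.
sample_hardened() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: Apache' \
        'Content-Type: text/html' ''
}

# Demo on the embedded samples; for a live host use:
#   curl -sI http://yourdomain.com | audit_headers
sample_default  | audit_headers || echo "default config: banner exposed"
sample_hardened | audit_headers && echo "hardened config: clean"
```

The non-zero exit status on a finding makes the function usable as a post-deploy check in a script or monitoring job.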

Puppet parameterized class and Varnish reverse proxy

I am writing this post as part of the course Linuxin keskitetty hallinta held by Tero Karvinen. In this article I will install the Varnish reverse proxy and change its port with a Puppet parameterized class. Two weeks ago I wrote an article on how to install Apache with Puppet: http://nikokiuru.com/2013/11/puppet-package-file-service-example/.

Create new module

Remember to start with hello world first! http://nikokiuru.com/2013/11/hello-puppet/

$ mkdir -p modules/varnishd/manifests/
$ nano modules/varnishd/manifests/init.pp

Code in init.pp:

class varnishd ($varnish_port = 80, $backend_port = 8080) {

  package {"varnish":
    ensure => "installed",
  }

  service {"varnish":
    ensure => "running",
    enable => "true",
    require => Package["varnish"],
  }

}

Run module:

$ puppet apply --modulepath modules/ -e 'class {"varnishd":}'

Create templates

First, copy and modify the Varnish default config file:

$ mkdir modules/varnishd/templates/
$ cp /etc/default/varnish modules/varnishd/templates/varnish.erb
$ nano modules/varnishd/templates/varnish.erb

Change port 6081 to the variable @varnish_port:

DAEMON_OPTS="-a :<%= @varnish_port %> \

Next, copy and modify the Varnish backend service config file:

$ cp /etc/varnish/default.vcl modules/varnishd/templates/default.vcl.erb
$ nano modules/varnishd/templates/default.vcl.erb

Change the backend port to the variable @backend_port:

.port = "<%= @backend_port %>";

Finally, add two file resources to init.pp:

$ nano modules/varnishd/manifests/init.pp

And code in init.pp:

class varnishd ($varnish_port = 80, $backend_port = 8080) {
  package {"varnish":
    ensure => "installed",
  }

  service {"varnish":
    ensure => "running",
    enable => "true",
    require => Package["varnish"],
  }

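  file { "/etc/default/varnish":
    content => template("varnishd/varnish.erb"),
    require => Package["varnish"],   # write the config only after the package is installed
    notify  => Service["varnish"],   # restart Varnish so the new listen port takes effect
  }

  file { "/etc/varnish/default.vcl":
    content => template("varnishd/default.vcl.erb"),
    require => Package["varnish"],
    notify  => Service["varnish"],   # restart Varnish so the new backend port takes effect
  }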

}

Finally, run the command:

$ puppet apply --modulepath modules/ -e 'class {"varnishd":}'

Test

$ curl -I localhost

Result:

HTTP/1.1 200 OK
Server: Apache/2.2.22 (Ubuntu)
Last-Modified: Thu, 21 Nov 2013 19:08:06 GMT
ETag: "c40836-d-4ebb49e1a8e3c"
Vary: Accept-Encoding
Content-Type: text/html
Transfer-Encoding: chunked
Date: Thu, 21 Nov 2013 19:29:59 GMT
X-Varnish: 1215889787
Age: 0
Via: 1.1 varnish
Connection: keep-alive

PuppetMaster and slaves on Ubuntu 12.04

I am writing this post as part of the course Linuxin keskitetty hallinta held by Tero Karvinen. In this post I will install PuppetMaster and share my Puppet configuration with my slave computers (virtual machines). This is a very important part of centralized management, because after that you will be able to manage the software on your managed computers in one place.

In these instructions I use multiple virtual machines with Vagrant. If you want to use Vagrant too, I have a getting-started post here: http://nikokiuru.com/2013/11/vagrant-boot-multiple-virtual-machines/

Before installing PuppetMaster I brought up two virtual machines, master and slave, with the same hostnames.

avahi-daemon is not installed by default in Ubuntu 12.04, so .local (mDNS) domains are not available. We would like to use .local domains with Puppet, so we install avahi-daemon:

master$ sudo apt-get -y install avahi-daemon

I ping the master computer from the slave to verify that everything is working:

slave$ ping master.local

Install PuppetMaster

master$ sudo apt-get -y install puppetmaster

Configure PuppetMaster

In some cases it is better to first delete the Puppet SSL certificates. Puppet generates them again when we start PuppetMaster again.

master$ sudo service puppetmaster stop
master$ sudo rm -r /var/lib/puppet/ssl

Modify Puppet config-file:

master$ sudoedit /etc/puppet/puppet.conf

Add the master’s host names under the [master] section:

dns_alt_names = puppet, master.local

Start PuppetMaster:

master$ sudo service puppetmaster start

Connecting slaves

Install puppet:

slave$ sudo apt-get -y install puppet

And modify config-file:

slave$ sudoedit /etc/puppet/puppet.conf

Add the master’s DNS name under the [agent] section:

[agent]
server = master.local

Set puppet to start automatically:

slave$ sudoedit /etc/default/puppet

Change start to yes:

START=yes

Start puppet:

slave$ sudo service puppet restart

Accept Slave certificate

master$ sudo puppet cert --list

master$ sudo puppet cert --sign slave1.example.com

Create new Puppet module

master$ cd /etc/puppet

master$ sudo mkdir -p modules/hello/manifests/

master$ sudoedit modules/hello/manifests/init.pp

Code in init.pp:

class hello {
  file { '/tmp/hello':
    content => "Hello PuppetMaster!\n"
  }
}

Create site manifest

master$ cd /etc/puppet
master$ sudoedit manifests/site.pp

Add the following line to site.pp:

class{"hello":}

Test

slave$ sudo service puppet restart
slave$ less /tmp/hello

If the hello file is not there immediately, wait a while and try again.

Source:
http://terokarvinen.com/2012/puppetmaster-on-ubuntu-12-04

Vagrant boot multiple virtual machines

Vagrant is an excellent tool for easily creating new virtual machines. It takes less than 1 minute (downloading the image takes some time) to get Vagrant up. If you would like to manage multiple virtual machines easily, choose Vagrant. In these instructions we first create one new virtual machine, and after that we bring up multiple virtual machines at the same time.

Install Vagrant

$ sudo apt-get -y install vagrant virtualbox

Next, download the Ubuntu 14.04 (trusty32) box (as Vagrant calls its images). Once we add an image as a box, Vagrant keeps it, and we can reuse it later:

$ vagrant box add trusty32 http://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-i386-vagrant-disk1.box

Generate Vagrant’s initialization file. The Vagrantfile is created in the directory where you run the command. The Vagrantfile contains a config block which tells Vagrant what you want it to do. For now we want just one virtual machine, but later we will have to modify this config file a little to bring up multiple virtual machines:

$ vagrant init trusty32

Set Vagrant up

$ vagrant up

And connect to the virtual machine over SSH:

$ vagrant ssh

If you want to destroy the virtual machine, you can give the command:

$ vagrant destroy

Multiple virtual machines

Now we have successfully created a new virtual machine. But we want something more: we would like to create multiple virtual machines. First we have to modify our Vagrantfile a little.

$ nano Vagrantfile

And Vagrantfile code is:

Vagrant::Config.run do |config|
  config.vm.define "virtual1" do |v|
    v.vm.box = "trusty32"
  end
  config.vm.define "virtual2" do |v|
    v.vm.box = "trusty32"
  end
end

We made two virtual machines, "virtual1" and "virtual2". The line v.vm.box = "trusty32" says that we use the trusty32 box.

Set up multiple Vagrants

$ vagrant up

The virtual machines come up, and when they are ready you can connect to them with the command:

$ vagrant ssh virtual1

or

$ vagrant ssh virtual2

And you can destroy them with the command:

$ vagrant destroy

Source

http://docs.vagrantup.com/v2/multi-machine/
http://terokarvinen.com/2012/vagrant-ubuntu-12-04-create-boot-new-virtual-machine-vagrant-ssh-virtualbox-apt-get

EDIT 2014-10-05: Update precise32 (Ubuntu 12.04) to trusty32 (Ubuntu 14.04).

Puppet templates and facter facts hello world

I am writing this post as part of the course Linuxin keskitetty hallinta held by Tero Karvinen. In this post I will write a hello world module which uses Puppet templates and facter facts (e.g. my hardware details).

See your computer details

When we run the facter command, we see our computer's details. Read more: http://www.puppetcookbook.com/posts/list-facter-facts.html

$ facter -p

Create new module

Create a new view for the hardware_details module:

$ mkdir -p modules/hardware_details/templates/
$ nano modules/hardware_details/templates/details.erb

The code in details.erb:

Hardware model: <%= @hardwaremodel %>
Kernel version: <%= @kernelmajversion %>
Puppet version: <%= @puppetversion %>
Ruby version: <%= @rubyversion %>

Create new directory:

$ mkdir modules/hardware_details/manifests

Write the following class in the file modules/hardware_details/manifests/init.pp:

class hardware_details {
  file { '/tmp/hardwareDetails':
    content => template('hardware_details/details.erb'),
  }
}

Run puppet module:

$ puppet apply --modulepath modules/ -e 'class {"hardware_details":}'

Test module

Finally, we verify that the module works correctly:

$ less /tmp/hardwareDetails

My result:

Hardware model: x86_64
Kernel version: 3.2
Puppet version: 2.7.11
Ruby version: 1.8.7

© 2017 Niko Kiuru
