Hi,
What do you think of customize CentOS web server errors ? See http://wiki.centos.org/ArtWork/WebServerErrors
Cheers, al.
Alain Reguera Delgado wrote:
Hi,
What do you think of customize CentOS web server errors ? See http://wiki.centos.org/ArtWork/WebServerErrors
the first thing I do when I setup a web server is disable any place that advertizes what OS and what version it is running. call it security by obscurity if you like, but I see no reason to provide information that is not necessary to run the service.
it is also a good practice to setup your own error pages, and make them more "useful": http://www.alistapart.com/articles/perfect404/
mouss wrote:
Alain Reguera Delgado wrote:
Hi,
What do you think of customize CentOS web server errors ? See http://wiki.centos.org/ArtWork/WebServerErrors
Can't say I like "Object not found."
What's an object? my wife would wonder. She might understand Document, and she might understand Web Page and the like. Object is just too vague and has too many possible meanings, and which is correct depends enormously on context. OS/2 has objects, they're mostly persistent, and when I encountered them I had enormous difficulty understanding them even though I was already familiar with objects in Turbo Pascal.
the first thing I do when I setup a web server is disable any place that advertizes what OS and what version it is running. call it security by obscurity if you like, but I see no reason to provide information that is not necessary to run the service.
it is also a good practice to setup your own error pages, and make them more "useful": http://www.alistapart.com/articles/perfect404/
60-year-old Doris might not understand "404" but 60-year-old John most certainly does, and if Doris needs to ask him, she needs the technical stuff.
I generally agree with that document, but I think some of the language could be improved.
For example, change but only after he or she has fixed this problem to but only after fixing this problem.
I find many attempts at "non-sexist" language cumbersome or different enough to impede reading and understanding.
If there be people who truly find "only after he has fixed the problem" offensive, then surely my form is inoffensive to them, and it's usually easy enough to find to be not worth the debate. And it's often shorter too.
Also, be wary of use of humour; I once found a very long and humerous 404 explanation from a BSD site, along the lines of "I'm only a computer and I can't be expected to know everything and besides...," and it was rolled out at typing speeds so the tale also had good tension. It might not have seemed so funny on the thirtieth reading though.
mouss wrote:
Alain Reguera Delgado wrote:
the first thing I do when I setup a web server is disable any place that advertizes what OS and what version it is running. call it security by
I meant to byte on this too.
From examining my logs, I've come to think that the notion that this helps security is, along with detecting portscans, one of those security myths.
People who attack my webserver don't appear to test to see what webserver I'm using, they just run their toolkit over it. Many times, they try to crack my IIS even though it's actually Apache, exactly as it says.
Just as they try these, even though there's not Windows box in sight: From 24.64.3.110 - 3 packets To 203.34.16.107 - 3 packets Service: 1026 (udp/1026) (Shorewall:net2fw:DROP:,ppp0,none) - 1 packet Service: 1027 (udp/1027) (Shorewall:net2fw:DROP:,ppp0,none) - 1 packet Service: 1028 (udp/1028) (Shorewall:net2fw:DROP:,ppp0,none) - 1 packet
If a program such as nmap can detect what your OS is, then if a cracker wants to attack Apache sites, it's fair bet that if you're running *X then you're also running Apache.
Alain Reguera Delgado wrote:
Hi,
What do you think of customize CentOS web server errors ? See http://wiki.centos.org/ArtWork/WebServerErrors
Hi Alain,
Are you suggesting we change the 404 page for all web servers within the .cetos.org setup ? In which case, I dont see any reason why we cant do that :D
Or are you suggesting we change it in the httpd packages we ship as a part of CentOS ? In which case, I dont think we can or want to do that. The httpd Server OS is already reported as 'CentOS'
On Wed, Apr 2, 2008 at 10:31 AM, Karanbir Singh mail-lists@karan.org wrote:
Hi Alain,
Are you suggesting we change the 404 page for all web servers within the .cetos.org setup ? In which case, I dont see any reason why we cant do that :D
Well, the Center for Ethics and Toxins may have something to say about you modifying their website (cetos.org), but on *.centos.org the 404's and such would look pretty cool.
:-P
on 4-2-2008 7:31 AM Karanbir Singh spake the following:
Alain Reguera Delgado wrote:
Hi,
What do you think of customize CentOS web server errors ? See http://wiki.centos.org/ArtWork/WebServerErrors
Hi Alain,
Are you suggesting we change the 404 page for all web servers within the .cetos.org setup ? In which case, I dont see any reason why we cant do that :D
Or are you suggesting we change it in the httpd packages we ship as a part of CentOS ? In which case, I dont think we can or want to do that. The httpd Server OS is already reported as 'CentOS'
Careful! You might get another Tuttle incident. ;-P
On 4/2/08, Karanbir Singh mail-lists@karan.org wrote:
Alain Reguera Delgado wrote:
Hi,
What do you think of customize CentOS web server errors ? See http://wiki.centos.org/ArtWork/WebServerErrors
Hi Alain,
Are you suggesting we change the 404 page for all web servers within the .cetos.org setup ? In which case, I dont see any reason why we cant do that :D
Yes. That's it. Just the error pages on web servers within the .centos.org setup.
Thanks, al.
Alain Reguera Delgado wrote:
Are you suggesting we change the 404 page for all web servers within the .cetos.org setup ? In which case, I dont see any reason why we cant do that :D
Yes. That's it. Just the error pages on web servers within the .centos.org setup.
Sounds good to me, Jonny / Lance - opinions ?
puppet can deploy this real quick :D
On Sat, 5 Apr 2008, Karanbir Singh wrote:
Sounds good to me, Jonny / Lance - opinions ?
puppet can deploy this real quick :D
Are you using puppet to manage the centos servers? We're looking at it for the day job. Tired of commercial tools that over promise and under deliver....make that promise and never deliver.
------------------------------------------------------------------------ Jim Wildman, CISSP, RHCE jim@rossberry.com http://www.rossberry.com "Society in every state is a blessing, but Government, even in its best state, is a necessary evil; in its worst state, an intolerable one." Thomas Paine
On Sat, 2008-04-05 at 08:23 -0400, Jim Wildman wrote:
On Sat, 5 Apr 2008, Karanbir Singh wrote:
Sounds good to me, Jonny / Lance - opinions ?
puppet can deploy this real quick :D
Are you using puppet to manage the centos servers? We're looking at it for the day job. Tired of commercial tools that over promise and under deliver....make that promise and never deliver.
Fedora Infrastructure is using puppet to manage some centos and rhel boxes. If you're interested in seeing what we're doing come by #fedora-admin on freenode.
-sv
Jim Wildman wrote:
puppet can deploy this real quick :D
Are you using puppet to manage the centos servers? We're looking at it for the day job. Tired of commercial tools that over promise and under deliver....make that promise and never deliver.
We are starting to use puppet within the centos setup.
I have been using puppet for over two years in various setups at $DayJob, one of which is over 1200 machines.
There is a very active community around puppet at the moment, and is the only real sysadmin system management post-install tool worth using on Linux right now ( imho ).
The chain of (centos::cobbler->puppet->func) makes quite a good combination.
of-course, a conversation for the puppet lists :D
Karanbir Singh wrote:
Are you using puppet to manage the centos servers? We're looking at it for the day job. Tired of commercial tools that over promise and under deliver....make that promise and never deliver.
We are starting to use puppet within the centos setup.
I have been using puppet for over two years in various setups at $DayJob, one of which is over 1200 machines.
There is a very active community around puppet at the moment, and is the only real sysadmin system management post-install tool worth using on Linux right now ( imho ).
Are there any such tools that work cross-platform with windows? I've been poking around in ocsinventory (http://www.ocsinventory-ng.org/) which can deploy and execute things but it seems to be in between versions right now.
The chain of (centos::cobbler->puppet->func) makes quite a good combination.
Drbl/clonezilla is a cross platform system image clone/kickstart mechanism.
of-course, a conversation for the puppet lists :D
Unless you are looking for cross-platform tools.
Les Mikesell wrote:
of-course, a conversation for the puppet lists :D
Unless you are looking for cross-platform tools.
that would still not make the centos-devel the right list. please take the follow up conversation elsewhere.
Karanbir Singh wrote:
of-course, a conversation for the puppet lists :D
Unless you are looking for cross-platform tools.
that would still not make the centos-devel the right list. please take the follow up conversation elsewhere.
What is the right list for a discussion of how to manage Centos in a heterogeneous environment? Or tools that make it easier to introduce Centos into such an environment?
Les Mikesell wrote:
What is the right list for a discussion of how to manage Centos in a heterogeneous environment? Or tools that make it easier to introduce Centos into such an environment?
I dont really care. What I do care about is that this is a list on and about development on the centos distro itself. Your subject has nothing to do with that, so take it away.
-
Alain Reguera Delgado -
Jim Perrin -
Jim Wildman -
John Summerfield -
Karanbir Singh -
Les Mikesell -
mouss -
Scott Silva -
seth vidal