Bug 1328300

Summary: [RFE] Support arbitrary configuration in apache using the installer
Product: Red Hat Satellite
Component: Installer
Version: 6.1.8
Hardware: All
OS: Linux
Status: CLOSED DUPLICATE
Severity: low
Priority: low
Target Milestone: Unspecified
Target Release: Unused
Keywords: Triaged
Reporter: Paul Wayper <pwayper>
Assignee: satellite6-bugs <satellite6-bugs>
QA Contact: Katello QA List <katello-qa-list>
CC: chartwel, cjh, mmello, sokeeffe, stbenjam, xdmoon
Doc Type: Bug Fix
Type: Bug
Last Closed: 2016-10-13 15:43:37 UTC

Description Paul Wayper 2016-04-19 01:23:30 UTC
*** Description of problem:

Satellite installation process does not set these two settings in Apache, which reduce information leakage potential:

ServerTokens Prod
ServerSignature Off

Satellite documentation contains no mention of setting these.

These need to be set on both Satellite server and Capsule.

*** Version-Release number of selected component (if applicable):

Satellite 6.1.8

*** How reproducible:

Always

*** Steps to Reproduce:

1. Install Satellite 6.1.8 with separate Capsule
2. Check Apache configuration on the Satellite server and on the Capsule:

grep -r 'Server\(Tokens\|Signature\)' /etc/httpd/conf*

*** Actual results:

/etc/httpd/conf/httpd.conf:ServerTokens OS
/etc/httpd/conf/httpd.conf:ServerSignature On
/etc/httpd/conf.d/03-crane.conf:  ServerSignature Off
/etc/httpd/conf.d/05-foreman.conf:  ServerSignature Off
/etc/httpd/conf.d/15-default.conf:  ServerSignature Off
/etc/httpd/conf.d/25-puppet.conf:  ServerSignature Off
/etc/httpd/conf.d/05-foreman-ssl.conf:  ServerSignature Off

*** Expected results:

/etc/httpd/conf/httpd.conf:ServerTokens OS
/etc/httpd/conf/httpd.conf:ServerSignature On
/etc/httpd/conf.d/03-crane.conf:  ServerTokens Prod
/etc/httpd/conf.d/03-crane.conf:  ServerSignature Off
/etc/httpd/conf.d/05-foreman.conf:  ServerTokens Prod
/etc/httpd/conf.d/05-foreman.conf:  ServerSignature Off
/etc/httpd/conf.d/15-default.conf:  ServerTokens Prod
/etc/httpd/conf.d/15-default.conf:  ServerSignature Off
/etc/httpd/conf.d/25-puppet.conf:  ServerTokens Prod
/etc/httpd/conf.d/25-puppet.conf:  ServerSignature Off
/etc/httpd/conf.d/05-foreman-ssl.conf:  ServerTokens Prod
/etc/httpd/conf.d/05-foreman-ssl.conf:  ServerSignature Off

*** Additional info:

Comment 1 Bryan Kearney 2016-07-26 18:59:12 UTC
Moving 6.2 bugs out to sat-backlog.

Comment 3 Stephen Benjamin 2016-10-13 15:43:37 UTC

*** This bug has been marked as a duplicate of bug 1305782 ***
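
The grep check from the description, turned into a pass/fail audit. This is an added example, not part of the bug report or of the Satellite installer. The function names `audit_httpd_banner` and `make_sample_tree` are hypothetical, only `*.conf` files are scanned, and every active line is judged on its own (include order and section context are not resolved).

```sh
#!/bin/sh
# Added example (not from the bug report): audit Apache config trees for the two
# banner directives the report names. Assumption: active config files end in .conf.
# Prints one finding per line; returns 0 if nothing leaks, 1 otherwise.
audit_httpd_banner() {
    # -i: Apache directive names are case-insensitive. Anchoring at line start
    # (after optional indentation) skips commented-out directives.
    grep -rHniE --include='*.conf' \
        '^[[:space:]]*Server(Tokens|Signature)[[:space:]]' "$@" 2>/dev/null |
    awk '
    {
        # grep -Hn prefixes every hit with "file:lineno:"
        line = $0
        p = index(line, ":"); file = substr(line, 1, p - 1); line = substr(line, p + 1)
        p = index(line, ":"); num  = substr(line, 1, p - 1); line = substr(line, p + 1)
        split(line, w, " ")                 # w[1] = directive, w[2] = value
        name = tolower(w[1]); value = tolower(w[2])
        if (name == "servertokens") {
            seen_tokens = 1
            if (value != "prod" && value != "productonly") {
                print file ":" num ": ServerTokens " w[2] " (want Prod)"; bad++
            }
        } else if (name == "serversignature" && value != "off") {
            print file ":" num ": ServerSignature " w[2] " (want Off)"; bad++
        }
    }
    END {
        # With no ServerTokens line at all, Apache falls back to its default, Full.
        if (!seen_tokens) { print "ServerTokens: not set (default is Full)"; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample tree mirroring the "Actual results" listing in the report.
make_sample_tree() {
    d=$(mktemp -d) && mkdir "$d/conf" "$d/conf.d" &&
    printf 'ServerTokens OS\nServerSignature On\n' > "$d/conf/httpd.conf" &&
    printf '<VirtualHost *:80>\n  ServerSignature Off\n</VirtualHost>\n' \
        > "$d/conf.d/05-foreman.conf" &&
    echo "$d"
}

# Audit the directories given on the command line, or the sample tree if none.
if [ "$#" -gt 0 ]; then
    audit_httpd_banner "$@"
else
    sample=$(make_sample_tree); audit_httpd_banner "$sample" || true; rm -rf "$sample"
fi
```

On a Satellite server or Capsule, pass `/etc/httpd/conf` and `/etc/httpd/conf.d` as arguments; a non-zero exit status means at least one finding was printed.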