Bug 1328300 - [RFE] Support arbitrary configuration in apache using the installer
Summary: [RFE] Support arbitrary configuration in apache using the installer
Keywords:
Status: CLOSED DUPLICATE of bug 1305782
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Installer
Version: 6.1.8
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2016-04-19 01:23 UTC by Paul Wayper
Modified: 2021-12-10 14:38 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-10-13 15:43:37 UTC
Target Upstream Version:
Embargoed:



Description Paul Wayper 2016-04-19 01:23:30 UTC
*** Description of problem:

Satellite installation process does not set these two settings in Apache, which reduce information leakage potential:

ServerTokens Prod
ServerSignature Off

Satellite documentation contains no mention of setting these.

These need to be set on both Satellite server and Capsule.

*** Version-Release number of selected component (if applicable):

Satellite 6.1.8

*** How reproducible:

Always

*** Steps to Reproduce:

1. Install Satellite 6.1.8 with separate Capsule
2. Check Apache configuration on the Satellite server and on the Capsule:

grep -r 'Server\(Tokens\|Signature\)' /etc/httpd/conf*

*** Actual results:

/etc/httpd/conf/httpd.conf:ServerTokens OS
/etc/httpd/conf/httpd.conf:ServerSignature On
/etc/httpd/conf.d/03-crane.conf:  ServerSignature Off
/etc/httpd/conf.d/05-foreman.conf:  ServerSignature Off
/etc/httpd/conf.d/15-default.conf:  ServerSignature Off
/etc/httpd/conf.d/25-puppet.conf:  ServerSignature Off
/etc/httpd/conf.d/05-foreman-ssl.conf:  ServerSignature Off

*** Expected results:

/etc/httpd/conf/httpd.conf:ServerTokens OS
/etc/httpd/conf/httpd.conf:ServerSignature On
/etc/httpd/conf.d/03-crane.conf:  ServerTokens Prod
/etc/httpd/conf.d/03-crane.conf:  ServerSignature Off
/etc/httpd/conf.d/05-foreman.conf:  ServerTokens Prod
/etc/httpd/conf.d/05-foreman.conf:  ServerSignature Off
/etc/httpd/conf.d/15-default.conf:  ServerTokens Prod
/etc/httpd/conf.d/15-default.conf:  ServerSignature Off
/etc/httpd/conf.d/25-puppet.conf:  ServerTokens Prod
/etc/httpd/conf.d/25-puppet.conf:  ServerSignature Off
/etc/httpd/conf.d/05-foreman-ssl.conf:  ServerTokens Prod
/etc/httpd/conf.d/05-foreman-ssl.conf:  ServerSignature Off

*** Additional info:

Comment 1 Bryan Kearney 2016-07-26 18:59:12 UTC
Moving 6.2 bugs out to sat-backlog.

Comment 3 Stephen Benjamin 2016-10-13 15:43:37 UTC

*** This bug has been marked as a duplicate of bug 1305782 ***
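
The grep check from the description's steps to reproduce, extended into an audit function that skips commented-out lines and flags weak values. This is an added example, not part of the original report or of the Satellite installer; it assumes GNU grep, and the sample tree is constructed to mirror the reported "Actual results".

```shell
#!/bin/sh
# audit_httpd ROOT: scan every *.conf under ROOT (e.g. /etc/httpd).
# Prints "WEAK file:line: Directive value" for each active setting other than
# ServerTokens Prod|ProductOnly or ServerSignature Off, and a MISSING line when
# ServerTokens is never set (httpd then uses its default, Full).
# Returns 0 when there are no findings, 1 otherwise.
# Assumes GNU grep (as shipped on RHEL) and paths without ':' characters.
audit_httpd() {
    # Anchoring at line start skips commented-out directives; -i because
    # httpd treats directive names and these values case-insensitively.
    grep -rHniE --include='*.conf' \
        '^[[:space:]]*Server(Tokens|Signature)[[:space:]]+[^[:space:]]' "$1" |
    awk '
        {
            split($0, p, ":")                    # p[1]=file, p[2]=line number
            loc = p[1] ":" p[2]
            split(substr($0, length(loc) + 2), w, " ")
            name = tolower(w[1]); val = tolower(w[2])
            if (name == "servertokens") {
                seen_tokens = 1
                ok = (val == "prod" || val == "productonly")
            } else {
                ok = (val == "off")
            }
            if (!ok) { print "WEAK " loc ": " w[1] " " w[2]; bad = 1 }
        }
        END {
            if (!seen_tokens) {
                print "MISSING ServerTokens (httpd default is Full)"; bad = 1
            }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample tree (not real Satellite files) mirroring "Actual results".
make_sample() {
    mkdir -p "$1/conf" "$1/conf.d"
    printf 'ServerTokens OS\nServerSignature On\n#ServerTokens Prod\n' \
        > "$1/conf/httpd.conf"
    printf '<VirtualHost *:80>\n  ServerSignature Off\n</VirtualHost>\n' \
        > "$1/conf.d/05-foreman.conf"
}

sample=$(mktemp -d)
make_sample "$sample"
audit_httpd "$sample" || echo "audit: findings above need fixing"
rm -rf "$sample"
```

On a real host, run `audit_httpd /etc/httpd` on both the Satellite server and the Capsule.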

