1328300 – [RFE] Support arbitrary configuration in apache using the installer

Bug 1328300 - [RFE] Support arbitrary configuration in apache using the installer

Summary: [RFE] Support arbitrary configuration in apache using the installer

Keywords:
Status:	CLOSED DUPLICATE of bug 1305782
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	6.1.8
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	Unspecified
Assignee:	satellite6-bugs
QA Contact:	Katello QA List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-04-19 01:23 UTC by Paul Wayper
Modified:	2021-12-10 14:38 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-10-13 15:43:37 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Paul Wayper 2016-04-19 01:23:30 UTC

*** Description of problem:

Satellite installation process does not set these two settings in Apache, which reduce information leakage potential:

ServerTokens Prod
ServerSignature Off

Satellite documentation contains no mention of setting these.

These need to be set on both Satellite server and Capsule.

*** Version-Release number of selected component (if applicable):

Satellite 6.1.8

*** How reproducible:

Always

*** Steps to Reproduce:

1. Install Satellite 6.1.8 with separate Capsule
2. Check Apache configuration on the Satellite server and on the Capsule:

grep -r 'Server\(Tokens\|Signature\)' /etc/httpd/conf*

*** Actual results:

/etc/httpd/conf/httpd.conf:ServerTokens OS
/etc/httpd/conf/httpd.conf:ServerSignature On
/etc/httpd/conf.d/03-crane.conf:  ServerSignature Off
/etc/httpd/conf.d/05-foreman.conf:  ServerSignature Off
/etc/httpd/conf.d/15-default.conf:  ServerSignature Off
/etc/httpd/conf.d/25-puppet.conf:  ServerSignature Off
/etc/httpd/conf.d/05-foreman-ssl.conf:  ServerSignature Off

*** Expected results:

/etc/httpd/conf/httpd.conf:ServerTokens OS
/etc/httpd/conf/httpd.conf:ServerSignature On
/etc/httpd/conf.d/03-crane.conf:  ServerTokens Prod
/etc/httpd/conf.d/03-crane.conf:  ServerSignature Off
/etc/httpd/conf.d/05-foreman.conf:  ServerTokens Prod
/etc/httpd/conf.d/05-foreman.conf:  ServerSignature Off
/etc/httpd/conf.d/15-default.conf:  ServerTokens Prod
/etc/httpd/conf.d/15-default.conf:  ServerSignature Off
/etc/httpd/conf.d/25-puppet.conf:  ServerTokens Prod
/etc/httpd/conf.d/25-puppet.conf:  ServerSignature Off
/etc/httpd/conf.d/05-foreman-ssl.conf:  ServerTokens Prod
/etc/httpd/conf.d/05-foreman-ssl.conf:  ServerSignature Off

*** Additional info:

Comment 1 Bryan Kearney 2016-07-26 18:59:12 UTC

Moving 6.2 bugs out to sat-backlog.

Comment 3 Stephen Benjamin 2016-10-13 15:43:37 UTC


*** This bug has been marked as a duplicate of bug 1305782 ***

Note You need to log in before you can comment on or make changes to this bug.