Apache includes two sample Common Gateway Interface (CGI) scripts, printenv and test-cgi. A production Web server must contain only components that are operationally necessary. These components have the potential to disclose critical information about the system to an attacker.

About this task

As a security best practice, delete the CGI scripts from the cgi-bin directory.

Procedure

To remove test-cgi and prinenv scripts, run the rm /usr/share/doc/packages/apache2/test-cgi and rm /usr/share/doc/packages/apache2/printenv commands.