As part of your system hardening process, verify the server tokens setting for the Apache2 server. The Web server's HTTP response header can contain several fields of information, including the requested HTML page, the Web server type and version, the operating system and version, and ports associated with the Web server. This gives malicious users useful information without the use of extensive tools.
The ServerTokens directive must be set to Prod, for example, ServerTokens Prod. This directive controls whether the Server response header field that is sent back to clients includes a description of the operating system and information about compiled-in modules.
- To verify server tokens, run the cat /etc/apache2/sysconfig.d/global.conf | grep ServerTokens command.
- To modify ServerTokens OS to ServerTokens Prod, run the sed -i 's/\(ServerTokens\s\+\)OS/\1Prod/g' /etc/apache2/sysconfig.d/global.conf command.
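
The two steps above as a script, as an added example that is not part of the original procedure. It goes beyond the sed command by handling any non-Prod value (not only OS), mixed-case directive names, commented-out lines, and a missing directive. The function names are hypothetical, and the script assumes the last active ServerTokens line in the file is the effective one.

```sh
#!/bin/sh
# Added example. On the system described here, the file to pass in is
# /etc/apache2/sysconfig.d/global.conf.

# Print the value of the last active (uncommented) ServerTokens directive.
# Matches the directive name case-insensitively; prints nothing if it is absent.
server_tokens_value() {
    awk 'tolower($1) == "servertokens" { v = $2 } END { if (v != "") print v }' "$1"
}

# Return 0 only when the value found is Prod. A missing directive fails,
# because Apache's documented default for ServerTokens is Full.
server_tokens_compliant() {
    v=$(server_tokens_value "$1" | tr '[:upper:]' '[:lower:]')
    [ "$v" = "prod" ]
}

# Rewrite every active ServerTokens line to "ServerTokens Prod", or append the
# directive when none is present. Commented lines are left alone. Keeps FILE.bak.
set_server_tokens_prod() {
    cp -p "$1" "$1.bak" || return 1
    awk 'tolower($1) == "servertokens" { print "ServerTokens Prod"; seen = 1; next }
         { print }
         END { if (!seen) print "ServerTokens Prod" }' "$1.bak" > "$1"
}

# Demo on a constructed config file (not a real server file).
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '# ServerTokens Prod' 'ServerTokens OS' 'servertokens Full' > "$f"
    echo "before: $(server_tokens_value "$f")"
    set_server_tokens_prod "$f"
    echo "after:  $(server_tokens_value "$f")"
    server_tokens_compliant "$f"; rc=$?
    rm -f "$f" "$f.bak"
    return $rc
}
demo
```

Reload or restart Apache after changing the file so the new value takes effect.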