Ubuntu/Debian Apache: Hide your server details on error pages

By default, a freshly installed Apache on Debian-based distros prints the server name and Apache version in the footer of every error page.

We gain nothing from displaying this information; in fact we are only making it easier for someone to find a known exploit in our version, so we will turn this off.

To turn this off for all VirtualHosts we’ll set it in the main config file, usually found at /etc/apache2/apache2.conf. At the bottom of this file, add:

ServerSignature Off

If you are still using the default config (/etc/apache2/sites-available/default) you will need to remove the ServerSignature line from there. Also check any other config files you might have inherited from anything else running behind Apache.
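One way to run the check described above, as an added example rather than code from the original post: the hypothetical function audit_server_signature lists every active ServerSignature directive under a config directory (assumed to be /etc/apache2 unless another path is passed) and returns non-zero if any of them is not Off.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
# audit_server_signature is a hypothetical helper name; the config
# directory defaults to /etc/apache2 and can be overridden with $1.
#
# Usage: audit_server_signature /etc/apache2

audit_server_signature() {
    local conf_dir=${1:-/etc/apache2}

    # -type f skips the symlinks in sites-enabled, which point back at
    # files under sites-available that are already scanned.
    # find returns non-zero if any awk invocation exits non-zero.
    find "$conf_dir" -type f -exec awk '
        /^[ \t]*#/ { next }                    # ignore commented-out lines
        tolower($1) == "serversignature" {     # directive names are case-insensitive
            # Both "On" and "EMail" print the footer; only "Off" hides it.
            state = (tolower($2) == "off") ? "ok" : "LEAK"
            printf "%s:%d: %s %s [%s]\n", FILENAME, FNR, $1, $2, state
            if (state == "LEAK") bad = 1
        }
        END { exit bad + 0 }
    ' {} +
}
```

Every line marked LEAK is a setting that still puts the footer back on error pages, whichever file it was inherited from.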

Updated:

Closer inspection shows that the default install has a file in conf.d called security. This is well worth reading as it has a basic secure config ready to be dropped in, including hiding the server details.

Updated even later:

For a more complete list of good ways to secure your Apache, check out this great post by Anson Cheung.


Var Args in Bash: Sub-arrays using array expansion modifiers

On a recent adventure into Bash scripting, I wanted a function which took 2 parameters (host and port) and could be modified by any number of optional parameters.

There are a lot of ways to do this with arrays or shifts, but there is also a reasonably elegant way to do it. In this example I’m using cURL, which requires hostname and port number but in some cases I may want to append other options.

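function varArgExample(){
    local host=$1
    local port=$2
    # Quote the URL so the host and port cannot be word-split or globbed,
    # then pass every argument from the third onwards straight to curl
    curl "http://$host:$port" "${@:3}"
}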

The magic is the "${@:3}" variable expansion at the end. It uses the well-known ${@} variable, the array of all arguments passed, but it adds the little-known option to say only use the array from element 3 onwards.

If only 2 variables are passed in, "${@:3}" expands out to “” (nothing, just an empty string) without any problems, acting much like varArgs in Java 6.

Should you want to stop at a certain element in the array you can also add a second option, which is the number of elements to take. For example,

echo "${@:2:3}"

would expand out to the values of $2, $3 and $4. Obviously, you can also start using integer variables to control the expansion and start getting into some really complicated behaviours too.

start=3; end=6
# The second value is a count, so convert the end index into one ($3, $4 and $5 here)
echo "${@:$start:$((end - start))}"

Quick Tip: Lines of Code in sub-folders

Just a quick one: I searched around for a bit longer than I wanted to find out how to count the number of lines in certain file types in a folder.

The solution was:

find . -type f \( -iname "*.java" -o -iname "*.gradle" \) -exec wc -l {} \; | awk '{lines += $1 ; files += 1 ; print }; END { print "Lines total is: ", lines ," in ", files ," files"}'

As you can see, it's a find for all files with names matching the *.java and *.gradle patterns, then a little awk magic to neaten up the output and display totals at the end.

Networking VirtualBox VM’s in 7 Easy Steps

I love working on an Ubuntu virtual machine run on a Windows 7 host; I use this setup both at work and at home and will no doubt espouse the benefits of it on the blog at some point (until then check out this post by Ryan).

My software of choice is the free and excellent VirtualBox by Sun Oracle, which can be found here. Much of my work requires me to write deployment scripts which set things up on multiple servers. To test this I found it really useful to set up a network between all of my VM’s, which isn’t as straightforward as it could be. Here’s how I got it going:

  1. Shut down all VM’s, exit VirtualBox and open a command line
  2. Change directory into your VirtualBox folder (it should contain VBoxManage.exe)
  3. Execute the following commands, where vm01 and vm02 are the VirtualBox names of the VM’s:

    VBoxManage modifyvm "vm01" --nic2 intnet

    VBoxManage modifyvm "vm01" --intnet2 intnet

    VBoxManage modifyvm "vm02" --intnet2 intnet

    VBoxManage modifyvm "vm02" --nic2 intnet

    This configures a 2nd NIC on each VM, connected to the “intnet” internal network.

  4. Launch each VM
  5. Edit VM01’s network config, assigning a static IP (e.g. 192.168.0.2) and setting the default gateway to the same gateway as on NIC1 (the original NIC)
  6. Edit VM02’s network config with the same details but with a different IP on the same group & subnet (e.g. 192.168.0.3)
  7. Try to get the 2 machines to ping one another; they should be working fine now!