linux隐藏tomcat版本_Ubuntu 14.04隐藏Tomcat-7.0.52的版本号与操作系统类型
一般情況下,軟件的漏洞信息和特定版本,特定操作系統(tǒng)是相關(guān)的,因此,軟件的版本號以及操作系統(tǒng)類型對攻擊者來說是很有價(jià)值的。
在默認(rèn)情況下,Tomcat會(huì)在返回信息中把自身的版本號,操作系統(tǒng)類型都顯示出來,如下圖:
這樣做會(huì)造成潛在的安全風(fēng)險(xiǎn),導(dǎo)致不必要的攻擊行為。
在Ubuntu 14.04系統(tǒng)上隱藏Tomcat-7.0.52的版本號與操作系統(tǒng)類型的方法如下:
$ cd ~
$ mkdir catalina
$ cd catalina
$ cp /usr/share/tomcat7/lib/catalina.jar .
$ unzip catalina.jar
$ cd org/apache/catalina/util
$ vim ServerInfo.properties
1
2
3
4
5
6
7
8
9
10
11
12
13
$cd~
$mkdircatalina
$cdcatalina
$cp/usr/share/tomcat7/lib/catalina.jar.
$unzipcatalina.jar
$cdorg/apache/catalina/util
$vimServerInfo.properties
可以看到里面的內(nèi)容如下:
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
server.info=Apache Tomcat/7.0.52 (Ubuntu)
server.number=7.0.52.0
server.built=Jun 30 2016 01:59:37
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
#LicensedtotheApacheSoftwareFoundation(ASF)underoneormore
#contributorlicenseagreements.SeetheNOTICEfiledistributedwith
#thisworkforadditionalinformationregardingcopyrightownership.
#TheASFlicensesthisfiletoYouundertheApacheLicense,Version2.0
#(the"License");youmaynotusethisfileexceptincompliancewith
#theLicense.YoumayobtainacopyoftheLicenseat
#
#http://www.apache.org/licenses/LICENSE-2.0
#
#Unlessrequiredbyapplicablelaworagreedtoinwriting,software
#distributedundertheLicenseisdistributedonan"AS IS"BASIS,
#WITHOUTWARRANTIESORCONDITIONSOFANYKIND,eitherexpressorimplied.
#SeetheLicenseforthespecificlanguagegoverningpermissionsand
#limitationsundertheLicense.
server.info=ApacheTomcat/7.0.52(Ubuntu)
server.number=7.0.52.0
server.built=Jun30201601:59:37
直接注釋掉里面的內(nèi)容,如下:
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# server.info=Apache Tomcat/7.0.52 (Ubuntu)
# server.number=7.0.52.0
# server.built=Jun 30 2016 01:59:37
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
#LicensedtotheApacheSoftwareFoundation(ASF)underoneormore
#contributorlicenseagreements.SeetheNOTICEfiledistributedwith
#thisworkforadditionalinformationregardingcopyrightownership.
#TheASFlicensesthisfiletoYouundertheApacheLicense,Version2.0
#(the"License");youmaynotusethisfileexceptincompliancewith
#theLicense.YoumayobtainacopyoftheLicenseat
#
#http://www.apache.org/licenses/LICENSE-2.0
#
#Unlessrequiredbyapplicablelaworagreedtoinwriting,software
#distributedundertheLicenseisdistributedonan"AS IS"BASIS,
#WITHOUTWARRANTIESORCONDITIONSOFANYKIND,eitherexpressorimplied.
#SeetheLicenseforthespecificlanguagegoverningpermissionsand
#limitationsundertheLicense.
#server.info=ApacheTomcat/7.0.52(Ubuntu)
#server.number=7.0.52.0
#server.built=Jun30201601:59:37
修改完成后,把修改完成的數(shù)據(jù)存儲(chǔ)到catalina.jar中。
$ cd ~
$ cd catalina
$ jar uvf catalina.jar org/apache/catalina/util/ServerInfo.properties
1
2
3
4
5
$cd~
$cdcatalina
$jaruvfcatalina.jarorg/apache/catalina/util/ServerInfo.properties
把修改后的catalina.jar放回到Tomcat的目錄下面:
$ cd ~
$ cd catalina
$ sudo unlink /usr/share/tomcat7/lib/catalina.jar
$ sudo mv /usr/share/java/catalina.jar /usr/share/java/catalina.jar.old
$ sudo cp catalina.jar /usr/share/java/
$ sudo chmod +r /usr/share/java/catalina.jar
$ cd /usr/share/tomcat7/lib
$ sudo ln -s ../../java/catalina.jar catalina.jar
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
$cd~
$cdcatalina
$sudounlink/usr/share/tomcat7/lib/catalina.jar
$sudomv/usr/share/java/catalina.jar/usr/share/java/catalina.jar.old
$sudocpcatalina.jar/usr/share/java/
$sudochmod+r/usr/share/java/catalina.jar
$cd/usr/share/tomcat7/lib
$sudoln-s../../java/catalina.jarcatalina.jar
重啟Tomcat的服務(wù)
$ sudo service tomcat7 restart
1
$sudoservicetomcat7restart
修改后的結(jié)果如下圖所示,已經(jīng)沒有系統(tǒng)類型信息了,僅僅返回了一個(gè)404錯(cuò)誤。
總結(jié)
以上是生活随笔為你收集整理的linux隐藏tomcat版本_Ubuntu 14.04隐藏Tomcat-7.0.52的版本号与操作系统类型的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: verilog异步复位jk触发器_HDL
- 下一篇: linux 7 nano,Linux初學