Hiding the Tomcat version on Linux: hiding the Tomcat 7.0.52 version number and operating system type on Ubuntu 14.04
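In general, vulnerability information for software is tied to specific versions and specific operating systems, so the software's version number and the operating system type are valuable to an attacker.
By default, Tomcat reveals its own version number and the operating system type in the information it returns, as shown in the figure below:
This creates a potential security risk and invites unnecessary attacks.
On Ubuntu 14.04, the Tomcat 7.0.52 version number and operating system type can be hidden as follows: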
$ cd ~
$ mkdir catalina
$ cd catalina
$ cp /usr/share/tomcat7/lib/catalina.jar .
$ unzip catalina.jar
$ cd org/apache/catalina/util
$ vim ServerInfo.properties
The file contains the following:
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
server.info=Apache Tomcat/7.0.52 (Ubuntu)
server.number=7.0.52.0
server.built=Jun 30 2016 01:59:37
Comment out its contents directly, as follows:
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# server.info=Apache Tomcat/7.0.52 (Ubuntu)
# server.number=7.0.52.0
# server.built=Jun 30 2016 01:59:37
Once the edit is done, store the modified file back into catalina.jar.
$ cd ~
$ cd catalina
$ jar uvf catalina.jar org/apache/catalina/util/ServerInfo.properties
Put the modified catalina.jar back into the Tomcat directory:
$ cd ~
$ cd catalina
$ sudo unlink /usr/share/tomcat7/lib/catalina.jar
$ sudo mv /usr/share/java/catalina.jar /usr/share/java/catalina.jar.old
$ sudo cp catalina.jar /usr/share/java/
$ sudo chmod +r /usr/share/java/catalina.jar
$ cd /usr/share/tomcat7/lib
$ sudo ln -s ../../java/catalina.jar catalina.jar
Restart the Tomcat service:
$ sudo service tomcat7 restart
The result after the change is shown in the figure below: the system type information is gone, and only a 404 error is returned.
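To confirm the change took effect, the following shell helpers check that the three server.* properties are no longer active and that a response no longer carries the "Apache Tomcat/<version> (OS)" banner. This is an added example, not part of the original post; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit helpers for the steps above.

# Read a ServerInfo.properties file on stdin; print every server.info,
# server.number or server.built line that is still active (properties
# comments start with '#' or '!'). Returns 1 if any is active, else 0.
active_server_props() {
    found=$(grep -E '^[[:space:]]*server\.(info|number|built)[[:space:]=:]' || true)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Read an HTTP response (headers + body) on stdin; print each distinct
# "Apache Tomcat/<version>" banner, including an "(OS)" suffix if present.
banner_in_response() {
    grep -oE 'Apache Tomcat/[0-9][0-9.]*( \([^)<]*\))?' | sort -u
}

# Check the properties entry packed inside a jar (entry path is from the post).
audit_jar() {
    unzip -p "$1" org/apache/catalina/util/ServerInfo.properties | active_server_props
}

# Constructed sample inputs (not captured from a real server).
PROPS_BEFORE='# header comment
server.info=Apache Tomcat/7.0.52 (Ubuntu)
server.number=7.0.52.0
server.built=Jun 30 2016 01:59:37'
PROPS_AFTER='# header comment
# server.info=Apache Tomcat/7.0.52 (Ubuntu)
# server.number=7.0.52.0
# server.built=Jun 30 2016 01:59:37'
PAGE_BEFORE='HTTP/1.1 404 Not Found

<html><head><title>Apache Tomcat/7.0.52 (Ubuntu) - Error report</title></head>
<body><h1>HTTP Status 404 - /x</h1><h3>Apache Tomcat/7.0.52 (Ubuntu)</h3></body></html>'

printf '%s\n' "$PROPS_BEFORE" | active_server_props || echo "properties still disclose the version"
printf '%s\n' "$PROPS_AFTER" | active_server_props && echo "properties are clean"
printf '%s\n' "$PAGE_BEFORE" | banner_in_response
```

On the server itself, run audit_jar /usr/share/java/catalina.jar, and pipe the output of curl -si for a nonexistent path (for example http://localhost:8080/nonexistent, assuming Tomcat listens on port 8080) into banner_in_response. Rerun both checks after any package upgrade that replaces catalina.jar.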