From f8cb527f788ab8ed2a8304c9b9aae880126b6576 Mon Sep 17 00:00:00 2001
From: Jeffrey Zhang
Date: Wed, 14 Mar 2018 16:57:30 +0800
Subject: [PATCH] Security reinforce for apache server

Disable ServerSignature and Hide apache related infromation.

Change-Id: I9188ddb85988539087c922117bb9f53454b7507c
---
 ansible/roles/aodh/templates/wsgi-aodh.conf.j2 | 2 ++
 ansible/roles/cinder/templates/cinder-wsgi.conf.j2 | 2 ++
 ansible/roles/cloudkitty/templates/wsgi-cloudkitty.conf.j2 | 2 ++
 ansible/roles/freezer/templates/wsgi-freezer-api.conf.j2 | 2 ++
 ansible/roles/gnocchi/templates/wsgi-gnocchi.conf.j2 | 2 ++
 ansible/roles/horizon/templates/horizon.conf.j2 | 2 ++
 ansible/roles/keystone/templates/wsgi-keystone.conf.j2 | 2 ++
 ansible/roles/nova/templates/placement-api-wsgi.conf.j2 | 2 ++
 ansible/roles/panko/templates/wsgi-panko.conf.j2 | 2 ++
 ansible/roles/vitrage/templates/wsgi-vitrage.conf.j2 | 4 ++++
 ansible/roles/zun/templates/wsgi-zun.conf.j2 | 2 ++
 11 files changed, 24 insertions(+)

diff --git a/ansible/roles/aodh/templates/wsgi-aodh.conf.j2 b/ansible/roles/aodh/templates/wsgi-aodh.conf.j2
index 33294f3a8a..d9f408099e 100644
--- a/ansible/roles/aodh/templates/wsgi-aodh.conf.j2
+++ b/ansible/roles/aodh/templates/wsgi-aodh.conf.j2
@@ -1,6 +1,8 @@
 {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
 Listen {{ api_interface_address }}:{{ aodh_api_port }}
+ServerSignature Off
+ServerTokens Prod
 TraceEnable off
diff --git a/ansible/roles/cinder/templates/cinder-wsgi.conf.j2 b/ansible/roles/cinder/templates/cinder-wsgi.conf.j2
index 1935bdcb79..994cf436fb 100644
--- a/ansible/roles/cinder/templates/cinder-wsgi.conf.j2
+++ b/ansible/roles/cinder/templates/cinder-wsgi.conf.j2
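Review bot: `ServerTokens Prod` still returns `Server: Apache`, so the lines added to wsgi-aodh.conf.j2 trim the version, OS and module details rather than hide Apache altogether as the commit message suggests; this is hardening against casual fingerprinting and does not stand in for keeping httpd patched. The same two directives are pasted into the other ten templates in this patch (cinder, cloudkitty, freezer, gnocchi, horizon, keystone, placement, panko, vitrage, zun), so a role added later can silently miss them; a shared include or macro would keep the setting in one place. A one-line comment above them would also help, for example `# Keep Apache version, OS and module details out of the Server header and error pages`. The virtual host section that follows lies outside the hunk.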
@@ -1,6 +1,8 @@
 {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
 Listen {{ api_interface_address }}:{{ cinder_api_port }}
+ServerSignature Off
+ServerTokens Prod
 TraceEnable off
diff --git a/ansible/roles/cloudkitty/templates/wsgi-cloudkitty.conf.j2 b/ansible/roles/cloudkitty/templates/wsgi-cloudkitty.conf.j2
index c6926a303d..4018efe447 100644
--- a/ansible/roles/cloudkitty/templates/wsgi-cloudkitty.conf.j2
+++ b/ansible/roles/cloudkitty/templates/wsgi-cloudkitty.conf.j2
@@ -1,6 +1,8 @@
 {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
 Listen {{ api_interface_address }}:{{ cloudkitty_api_port }}
+ServerSignature Off
+ServerTokens Prod
 TraceEnable off
diff --git a/ansible/roles/freezer/templates/wsgi-freezer-api.conf.j2 b/ansible/roles/freezer/templates/wsgi-freezer-api.conf.j2
index ffbcb73875..2d3e3aa6d0 100644
--- a/ansible/roles/freezer/templates/wsgi-freezer-api.conf.j2
+++ b/ansible/roles/freezer/templates/wsgi-freezer-api.conf.j2
@@ -2,6 +2,8 @@
 {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
 Listen {{ api_interface_address }}:{{ freezer_api_port }}
+ServerSignature Off
+ServerTokens Prod
 TraceEnable off
diff --git a/ansible/roles/gnocchi/templates/wsgi-gnocchi.conf.j2 b/ansible/roles/gnocchi/templates/wsgi-gnocchi.conf.j2
index b518197f43..516bbda245 100644
--- a/ansible/roles/gnocchi/templates/wsgi-gnocchi.conf.j2
+++ b/ansible/roles/gnocchi/templates/wsgi-gnocchi.conf.j2
@@ -2,6 +2,8 @@
 {% set wsgi_path = '/usr/bin' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/bin' %}
 Listen {{ api_interface_address }}:{{ gnocchi_api_port }}
+ServerSignature Off
+ServerTokens Prod
 TraceEnable off
diff --git a/ansible/roles/horizon/templates/horizon.conf.j2 b/ansible/roles/horizon/templates/horizon.conf.j2
index d51b8db742..c93fb8de39 100644
--- a/ansible/roles/horizon/templates/horizon.conf.j2
+++ b/ansible/roles/horizon/templates/horizon.conf.j2
@@ -1,6 +1,8 @@
 {% set python_path = '/usr/share/openstack-dashboard' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
 Listen {{ api_interface_address }}:{{ horizon_port }}
+ServerSignature Off
+ServerTokens Prod
 TraceEnable off
diff --git a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
index 83b297a6ad..e8abe072a1 100644
--- a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
+++ b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@@ -3,6 +3,8 @@
 Listen {{ api_interface_address }}:{{ keystone_public_port }}
 Listen {{ api_interface_address }}:{{ keystone_admin_port }}
+ServerSignature Off
+ServerTokens Prod
 TraceEnable off
diff --git a/ansible/roles/nova/templates/placement-api-wsgi.conf.j2 b/ansible/roles/nova/templates/placement-api-wsgi.conf.j2
index 8659842cb5..d4fd8e7f45 100644
--- a/ansible/roles/nova/templates/placement-api-wsgi.conf.j2
+++ b/ansible/roles/nova/templates/placement-api-wsgi.conf.j2
@@ -3,6 +3,8 @@
 {% set wsgi_directory = '/usr/bin' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/bin' %}
 Listen {{ api_interface_address }}:{{ placement_api_port }}
+ServerSignature Off
+ServerTokens Prod
 TraceEnable off
diff --git a/ansible/roles/panko/templates/wsgi-panko.conf.j2 b/ansible/roles/panko/templates/wsgi-panko.conf.j2
index 402e216d5f..8216b492af 100644
--- a/ansible/roles/panko/templates/wsgi-panko.conf.j2
+++ b/ansible/roles/panko/templates/wsgi-panko.conf.j2
@@ -1,6 +1,8 @@
 {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
 Listen {{ api_interface_address }}:{{ panko_api_port }}
+ServerSignature Off
+ServerTokens Prod
 TraceEnable off
diff --git a/ansible/roles/vitrage/templates/wsgi-vitrage.conf.j2 b/ansible/roles/vitrage/templates/wsgi-vitrage.conf.j2
index 280ce5fdb2..0314c0cebc 100644
--- a/ansible/roles/vitrage/templates/wsgi-vitrage.conf.j2
+++ b/ansible/roles/vitrage/templates/wsgi-vitrage.conf.j2
@@ -1,6 +1,10 @@
 {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
 Listen {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ vitrage_api_port }}
+ServerSignature Off
+ServerTokens Prod
+TraceEnable off
+
 ## Vhost docroot
diff --git a/ansible/roles/zun/templates/wsgi-zun.conf.j2 b/ansible/roles/zun/templates/wsgi-zun.conf.j2
index c4f2753cbd..b4725120b9 100644
--- a/ansible/roles/zun/templates/wsgi-zun.conf.j2
+++ b/ansible/roles/zun/templates/wsgi-zun.conf.j2
@@ -1,6 +1,8 @@
 {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
 Listen {{ api_interface_address }}:{{ zun_api_port }}
+ServerSignature Off
+ServerTokens Prod
 TraceEnable off
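Review bot: The wsgi-vitrage.conf.j2 hunk also adds `TraceEnable off`, which the other templates already carry as context, but the commit message mentions only ServerSignature and the server banner. Disabling TRACE changes which HTTP methods the vitrage API answers, so it deserves a line in the description, e.g. `Also disable TRACE for vitrage, matching the other WSGI templates.` The `Listen` line here still builds its address from `hostvars[...]` while every other template in the patch uses `api_interface_address`; that looks like a leftover worth aligning in a follow-up, assuming the variable is defined for this role.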