[[linux_wiki:webserver_security_verification]]

linux_wiki:webserver_security_verification [2019/05/26 03:50] (current)
Line 1: Line 1:
 +====== Webserver Security Verification ======
 +
 +**General Information**
 +
 +Verifying security settings on web servers. ​
 +
 +**Checklist**
 +  * Apache HTTPD or Nginx
 +
 +----
 +
 +====== Verify SSL Ciphers ======
 +
 +Ciphers - Check what will be used by openssl
 +<code bash>
 +openssl ciphers -v '​HIGH:​!MEDIUM:​!3DES:​!ADH:​!AECDH:​!DHE:​!EDH:​!RC4'​
 +</​code>​
 +
 +\\
 +Ciphers - Perform a SSL Scan on the web server
 +<code bash>
 +sslscan --no-failed 192.168.1.123:​443
 +</​code>​
 +  * Look for "​Supported Server Cipher(s)"​ and "​Preferred Server Cipher(s)"​
 +
 +\\
 +Ciphers - Perform a SSL Scan on the web server, get just the Accepted lines
 +<code bash>
 +sslscan --no-failed 192.168.1.123:​443 | grep Accepted
 +</​code>​
 +
 +----
 +
 +====== Verify HTTP Headers ======
 +
 +Verify set HTTP headers, HSTS and others.<​code bash>​curl --head https://​mysite.domain.com/</​code>​
 +
 +----
  
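Review bot: In the "Verify HTTP Headers" section the sentence and the `<code bash>` block are run together on one line (`Verify set HTTP headers, HSTS and others.<code bash>curl --head ...`), unlike the cipher sections above it. Put the code block on its own lines and name the header the reader should find in the `curl --head` output, for example `Strict-Transport-Security` for HSTS, since "and others" gives nothing to check against. In "Verify SSL Ciphers" it is worth stating that `openssl ciphers -v` expands the string against the local OpenSSL build, so it should be run on the web server host with the string taken from the server's own configuration. `!EDH` is also redundant next to `!DHE`, as both select the same suites.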
  • linux_wiki/webserver_security_verification.txt
  • Last modified: 2019/05/26 03:50
  • (external edit)