Differences
This shows you the differences between two versions of the page.
linux_wiki:webserver_security_verification [2019/05/25 23:50] (current)
Line 1: | Line 1: | ||
+ | ====== Webserver Security Verification ====== | ||
+ | |||
+ | **General Information** | ||
+ | |||
+ | Verifying security settings on web servers. | ||
+ | |||
+ | **Checklist** | ||
+ | * Apache HTTPD or Nginx | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Verify SSL Ciphers ====== | ||
+ | |||
+ | Ciphers - Check what will be used by openssl | ||
+ | <code bash> | ||
+ | openssl ciphers -v ' | ||
+ | </ | ||
+ | |||
+ | \\ | ||
+ | Ciphers - Perform a SSL Scan on the web server | ||
+ | <code bash> | ||
+ | sslscan --no-failed 192.168.1.123: | ||
+ | </ | ||
+ | * Look for " | ||
+ | |||
+ | \\ | ||
+ | Ciphers - Perform a SSL Scan on the web server, get just the Accepted lines | ||
+ | <code bash> | ||
+ | sslscan --no-failed 192.168.1.123: | ||
+ | </ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Verify HTTP Headers ====== | ||
+ | |||
+ | Verify set HTTP headers, HSTS and others.< | ||
+ | |||
+ | ---- | ||
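Review bot: the added "Verify HTTP Headers" section at the end of the page names "HSTS and others" but gives no command and no list of the headers or values to expect, so a reader cannot carry out the check as written. Suggest listing each header the page means (Strict-Transport-Security plus whichever "others" are intended) with the value that counts as a pass, and adding a code block in the same style as the ones under "Verify SSL Ciphers", for example a `curl -sI` request against the server. In the cipher section, both sslscan commands hard-code 192.168.1.123; a placeholder host name would make it clearer that the reader substitutes their own server.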