{"id":20996,"date":"2025-05-31T21:56:46","date_gmt":"2025-05-31T13:56:46","guid":{"rendered":"https:\/\/blog.pmail.idv.tw\/?p=20996"},"modified":"2025-05-31T21:56:46","modified_gmt":"2025-05-31T13:56:46","slug":"%e5%bc%b1%e9%bb%9e%e6%8e%83%e6%8f%8fcentos-7-%e9%9a%b1%e8%97%8fapache-%e7%89%88%e6%9c%ac%e8%b3%87%e8%a8%8a%e8%a8%ad%e5%ae%9a","status":"publish","type":"post","link":"https:\/\/blog.pmail.idv.tw\/?p=20996","title":{"rendered":"\u5f31\u9ede\u6383\u63cfCentoS 7 \u96b1\u85cfapache \u7248\u672c\u8cc7\u8a0a\u8a2d\u5b9a"},"content":{"rendered":"

\u4f7f\u7528openvas scan \u5f9e\u5916\u90e8IP\u6383\u63cf\u4e00\u500b centos 7 \u4e0a apache \u7db2\u7ad9(\u6709\u7d93\u904e\u8207\u8a31)<\/font><\/strong><\/p>\n

\u505a\u4e86\u4e00\u4e0b\u7d00\u9304:<\/p>\n

<\/p>\n

\u6383\u63cf\u5f8c\u6709\u627e\u51fa\u4e00\u4e9b\u98a8\u96aa<\/p>\n

\u7b2c\u4e00\u500b \u53ef\u4ee5\u6383\u51facentos \u7248\u672c (\u6700\u597d\u7684\u65b9\u5f0f\u9084\u662f\u628aOS\u7248\u672c\u5347\u7d1a)<\/p>\n

\u66ab\u6642\u89e3\u6c7a\u65b9\u5f0f<\/p>\n

\u964d\u4f4e\u8cc7\u8a0a\u63ed\u9732<\/p>\n

\"hild-apachever1\"<\/a><\/p>\n

\u4fee\u6539vi \/etc\/httpd\/conf\/httpd.conf   #RHEL\/CentOS systems<\/p>\n

\u65b0\u589e\/\u4fee\u6539\/\u9644\u52a0\u4e0b\u9762\u7684\u884c
\nServerTokens Prod
\nServerSignature Off<\/p>\n

\u8a2d\u5b9a\u597d\u91cd\u555fapache\u670d\u52d9<\/p>\n

\"hild-apachever2\"<\/a><\/p>\n

\u53ef\u4ee5\u7528nmap \u6307\u4ee4<\/p>\n

nmap.exe -T4 -sV -p 443  x.x.x.x
\nnmap.exe -p 443 –script ssl-enum-ciphers  x.x.x.x<\/p>\n

\u7b2c\u4e8c\u500b\u554f\u984c<\/p>\n

https \u6709\u9ad8\u98a8\u96aa\u7684\u52a0\u5bc6\u5957\u4ef6<\/p>\n

\"2025-05-31_204638\"<\/a><\/p>\n

\u89e3\u6c7a\u65b9\u5f0f\u95dc\u9589\u8001\u820a\u7248\u672c\u52a0\u5bc6\u5957\u4ef6<\/p>\n

\u7de8\u8f2f \/etc\/httpd\/conf.d\/ssl.conf<\/p>\n

\u5c07\u9810\u8a2dSSLCipherSuite \u8a2d\u5b9a\u8a3b\u89e3<\/p>\n

\u4fee\u6539\u5982\u4e0b\u8a2d\u5b9a(apache \u5b98\u65b9\u5efa\u8b70)<\/p>\n

SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384<\/p>\n

\u8a2d\u5b9a\u597d\u91cd\u555fapache\u670d\u52d9<\/p>\n

\"2025-05-31_204411\"<\/a><\/p>\n

\u7b2c\u4e09\u500b\u4e2d\u5ea6\u98a8\u96aa<\/h3>\n

\u4f7f\u7528TLS 1.0 1.1 \u820a\u7684\u5354\u5b9a<\/p>\n

\"2025-05-31_210052\"<\/a><\/p>\n

\u89e3\u6c7a\u65b9\u5f0f Apache \u505c\u7528 TLSv1.0 \u50b3\u8f38\u5c64\u5b89\u5168\u6027\u5354\u5b9a <\/h3>\n

\u7de8\u8f2f \/etc\/httpd\/conf.d\/ssl.conf<\/p>\n

\u627e\u5230 SSLProtocol \u5340\u6bb5\uff0c\u7528\u300c+\u300d\u3001\u300c-\u300d\u7684\u65b9\u5f0f\u8a2d\u5b9a\u652f\u63f4\u7684\u5354\u5b9a\uff0c\u9810\u8a2d\u5df2\u7d93\u79fb\u9664 SSLv2 \u548c SSLv3 \uff0c\u6b64\u6b21\u591a\u79fb\u9664 TLS 1.0 1.1 \uff0c\u8a2d\u5b9a\u5982\u4e0b (\u53ef\u53c3\u8003\u4e0b\u5716)<\/p>\n

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1<\/p>\n

\"2025-05-31_204411\"<\/a><\/p>\n

\u53c3\u8003\u8cc7\u6599\n<\/p>\n

https:\/\/ishm.idv.tw\/archives\/396<\/a>\n<\/p>\n

https:\/\/gist.github.com\/unciax\/8c4008505e373103ddddab0a7b019611<\/a><\/p>\n

https:\/\/www.gss.com.tw\/blog\/set-https-connect-protocols-and-ciphers<\/a><\/p>\n

\n