Bug#497362: /etc/apache2/conf.d/security: ServerTokens config file documentation wrong
Package: apache2.2-common
Version: 2.2.9-7
Severity: minor
File: /etc/apache2/conf.d/security
Hi,
The file mentioned above has:
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
The ordering not correct, Minimal and Minor should be switched.
OS gives: Apache/2.2.3 (Debian)
Minor gives: Apache/2.2
Minimal gives: Apache/2.2.3
Major gives: Apache/2
so it should read:
# Set to one of: Full | OS | Minimal | Minor | Major | Prod
cheers,
Thijs
-- Package-specific info:
List of enabled modules from 'apache2 -M':
alias auth_basic authn_file authz_default authz_groupfile
authz_host authz_user autoindex cgi deflate dir env mime
negotiation php5 setenvif status
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages apache2.2-common depends on:
ii apache2-utils 2.2.9-7 utility programs for webservers
ii libapr1 1.2.12-4 The Apache Portable Runtime Librar
ii libaprutil1 1.2.12+dfsg-8 The Apache Portable Runtime Utilit
ii libc6 2.7-13 GNU C Library: Shared libraries
ii libmagic1 4.25-1 File type determination library us
ii libssl0.9.8 0.9.8g-13 SSL shared libraries
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii mime-support 3.44-1 MIME files 'mime.types' & 'mailcap
ii net-tools 1.60-19 The NET-3 networking toolkit
ii perl 5.10.0-13 Larry Wall's Practical Extraction
ii procps 1:3.2.7-9 /proc file system utilities
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages apache2.2-common recommends:
ii ssl-cert 1.0.22 simple debconf wrapper for OpenSSL
Versions of packages apache2.2-common suggests:
pn apache2-doc <none> (no description available)
pn apache2-suexec | apache2-suex <none> (no description available)
ii w3m [www-browser] 0.5.2-2+b1 WWW browsable pager with excellent
Versions of packages apache2.2-common is related to:
pn apache2-mpm-event <none> (no description available)
pn apache2-mpm-itk <none> (no description available)
ii apache2-mpm-prefork 2.2.9-7 Apache HTTP Server - traditional n
pn apache2-mpm-worker <none> (no description available)
-- no debconf information
Reply to: