All, We have a Redhat 7.2 server that is using Foreman and it is failing Nessus.org's Vulnerability test for OpenSSL. This currently OpenSSL upto date via redhat but it is still failing.
On further investigation we have determine that the issue is with the Foreman Banner, see highlighted. ~]# curl -I -L http://`hostname`:8000 HTTP/1.1 404 Not Found Content-Type: text/html;charset=utf-8 X-Cascade: pass Content-Length: 450 X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Server: WEBrick/1.3.1 (Ruby/2.0.0/2015-12-16) OpenSSL/1.0.1e Date: Tue, 13 Dec 2016 14:18:10 GMT Connection: Keep-Alive We are new to Foreman and are wondering how to surpress this output highlight? as this will enable the Vulnerablitiy Scan to pass We have updated the httpd.conf to turn this off from http lookups # Security ServerTokens OS ServerSignature Off TraceEnable Off We have found the following but am unsure how to to apply these changes regards, Eamonn -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
