sorry eed to add the URL we found https://github.com/theforeman/smart-proxy/pull/402
E On Tuesday, 13 December 2016 14:38:52 UTC, Eamonn McQuaid wrote: > > > All, > > We have a Redhat 7.2 server that is using Foreman and it is failing > Nessus.org's Vulnerability test for OpenSSL. This currently OpenSSL upto > date via redhat but it is still failing. > > On further investigation we have determine that the issue is with the > Foreman Banner, see highlighted. > > ~]# curl -I -L http://`hostname`:8000 > HTTP/1.1 404 Not Found > Content-Type: text/html;charset=utf-8 > X-Cascade: pass > Content-Length: 450 > X-Xss-Protection: 1; mode=block > X-Content-Type-Options: nosniff > X-Frame-Options: SAMEORIGIN > Server: WEBrick/1.3.1 (Ruby/2.0.0/2015-12-16) OpenSSL/1.0.1e > Date: Tue, 13 Dec 2016 14:18:10 GMT > Connection: Keep-Alive > > We are new to Foreman and are wondering how to surpress this output > highlight? as this will enable the Vulnerablitiy Scan to pass > > We have updated the httpd.conf to turn this off from http lookups > > # Security > ServerTokens OS > ServerSignature Off > TraceEnable Off > > We have found the following but am unsure how to to apply these changes > > regards, > > Eamonn > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
