Added headers-more-nginx-module recipe to address fingerprinting vulnerability #84

Open: wants to merge 1 commit into base: master
33 changes: 33 additions & 0 deletions cookbooks/headersmore/README.md
@@ -0,0 +1,33 @@
ey-headersmore-fingerprinting
===================

https://github.com/agentzh/headers-more-nginx-module
Engine Yard upload/apply recipe steps
-
1. Install the latest Engine Yard CLI
* To upload an apply a new Chef recipe use the Engine Yard Command Line Interface (CLI). http://www.engineyard.com/products/cloud/features/cli
2. Login to EY from the EY CLI to connect the application the EY service

Create a recipe tar package
> $ tar zcf recipes.tgz cookbooks/

Upload the recipe to the environment
> $ ey recipes upload -e [Environment name] -f recipes.tgz

If you are unsure of the environment name run
> $ ey environments --all

Apply the recipe to the environment
> $ ey recipes apply -e [Environment name]


Reference(s)
-
Windows EY CLI bug. Workaround is to tar the package before uploading

https://github.com/engineyard/engineyard/issues/113

Engine Yard Command line interface installation guide can be found in the [ey-cloud-recipes] [1] repository.

[1]: https://github.com/engineyard/ey-cloud-recipes "ey-cloud-recipes"
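Review bot: The README links to headers-more-nginx-module at the top but never states what the recipe changes or what it requires; a reader only gets the generic ey upload/apply steps. Add a short description (the recipe appends more_clear_headers directives for Server and X-Powered-By to /etc/nginx/http-custom.conf and restarts nginx) and state the prerequisite that nginx on the instance must be built with that module, since the recipe as shown only writes configuration. Wording fixes in the steps: "To upload an apply" should be "To upload and apply", and "connect the application the EY service" is missing "to". The "Windows EY CLI bug" reference would also be clearer if it said which step it affects.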

29 changes: 29 additions & 0 deletions cookbooks/headersmore/recipes/default.rb
@@ -0,0 +1,29 @@
#
# Cookbook Name:: Headersmore Fingerprinting
# Recipe:: Headersmore nginx Fingerprinting script
#
if ['app_master', 'app', 'solo'].include?(node[:instance_role])
execute "update http-custom.conf" do
command "
cat >> http-custom.conf << EOF
#********************************************************************
# Headersmore Nginx Fingerprinting header removal
#********************************************************************
#
# Clear Server Header
more_clear_headers 'Server';

# Clear X-Powered-By header
more_clear_headers 'X-Powered-By';"
cwd "/etc/nginx/"
not_if 'grep more_clear_headers /etc//http-custom.conf'
end

execute "reload " do
command 'sudo /etc/init.d/nginx restart'
end
end
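Review bot: The not_if guard greps /etc//http-custom.conf, while the execute block appends to http-custom.conf under cwd "/etc/nginx/", so the guard checks a different path from the file being written. If that path does not exist, the grep fails on every run and the same directives are appended again each time the recipe is applied. Point the guard at the file actually modified, for example not_if 'grep more_clear_headers /etc/nginx/http-custom.conf'. The heredoc opened with << EOF has no closing EOF line before the command string ends, so it relies on the shell terminating it at end of input; add the terminator. The second execute is named "reload " but runs restart, and it fires unconditionally on every run with no config check. more_clear_headers is only a valid directive when nginx is built with headers-more-nginx-module, so on an instance without it the restart will leave nginx down. Run nginx -t before restarting and trigger the restart only when the first resource actually changed the file (notifies), rather than on every converge.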




4 changes: 4 additions & 0 deletions cookbooks/main/recipes/default.rb
Expand Up @@ -4,6 +4,10 @@
# }
#end

# uncomment to turn on Headersmore Fingerprinting nginx
# require_recipe 'headersmore'


# uncomment to turn on thinking sphinx/ultra sphinx. Remember to edit cookbooks/sphinx/recipes/default.rb first!
# require_recipe "sphinx"
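Review bot: The comment "uncomment to turn on Headersmore Fingerprinting nginx" reads as if the recipe enables fingerprinting, which is the opposite of what it is for. Say what it does, for example "uncomment to strip the Server and X-Powered-By response headers (requires nginx built with headers-more)", so the prerequisite is visible at the point where the recipe is switched on, the same way the sphinx comment below warns to edit its recipe first. Style: the new line uses single quotes where the neighbouring require_recipe "sphinx" uses double quotes, and the hunk adds two blank lines after the entry where the surrounding entries are separated by one.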
