Security Misconfiguration Detection
The following script implements automated security-configuration checks for a web server:
#!/bin/bash
# /usr/local/bin/security-audit.sh
# Report banner; each check below prints its own section heading.
printf '%s\n' "Web Server Security Audit" "========================"
# Check for common misconfigurations
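#######################################
# Apache misconfiguration checks (Debian/Ubuntu /etc/apache2 layout).
# Only the *enabled* configuration is read (apache2.conf, conf-enabled/,
# sites-enabled/, mods-enabled/) so a disabled site can neither satisfy
# nor trigger a check; grep -R follows the symlinks those directories hold.
# Globals:   APACHE_CONF_DIR (read; default /etc/apache2)
#            WEB_ROOT        (read; default /var/www)
# Outputs:   one "✗ ..." line per finding on stdout
# Returns:   0
#######################################
check_apache() {
  local conf_dir=${APACHE_CONF_DIR:-/etc/apache2}
  local web_root=${WEB_ROOT:-/var/www}
  local -a enabled=(
    "$conf_dir/apache2.conf"
    "$conf_dir/conf-enabled"
    "$conf_dir/sites-enabled"
    "$conf_dir/mods-enabled"
  )
  printf '\n%s\n' "[Apache Security Check]"

  # "apache2ctl -S" lists vhosts, not ServerTokens, so the old test could
  # never fire. Require an uncommented "ServerTokens Prod" (directives are
  # case-insensitive, hence -i). ServerSignature is the companion setting
  # that controls the footer on server-generated pages.
  if ! grep -RqiE '^[[:space:]]*ServerTokens[[:space:]]+Prod([[:space:]]|$)' "${enabled[@]}" 2>/dev/null; then
    echo "✗ ServerTokens should be set to 'Prod'"
  fi
  if ! grep -RqiE '^[[:space:]]*ServerSignature[[:space:]]+Off([[:space:]]|$)' "${enabled[@]}" 2>/dev/null; then
    echo "✗ ServerSignature should be set to 'Off'"
  fi

  # Directory listing: "Indexes" preceded by whitespace or "+" enables it,
  # a leading "-" disables it, so the latter must not match. apache2.conf
  # is included because Debian's default <Directory /var/www/> enables
  # Indexes there. -q keeps the matched lines off the report.
  if grep -RqiE '^[[:space:]]*Options[^#]*[[:space:]+]Indexes' "${enabled[@]}" 2>/dev/null; then
    echo "✗ Directory listing is enabled in some configurations"
  fi

  # Default landing page left in the web root.
  if [ -f "$web_root/html/index.html" ] \
    && grep -q "Apache2 Debian Default Page" "$web_root/html/index.html"; then
    echo "✗ Default Apache page is still present"
  fi

  # SSL/TLS: evaluate every uncommented SSLProtocol directive instead of
  # one literal spelling; "-all +TLSv1.2 +TLSv1.3" and "TLSv1.2 TLSv1.3"
  # are as acceptable as "all -SSLv3 -TLSv1 -TLSv1.1". No directive at all
  # is reported too, because mod_ssl's default then applies.
  local line found=0 weak=0
  while IFS= read -r line; do
    found=1
    line=${line#"${line%%[![:space:]]*}"}   # strip leading whitespace
    line=${line:11}                         # strip the 11-char "SSLProtocol" keyword
    _apache_ssl_protocol_ok "$line" || weak=1
  done < <(grep -RhiE '^[[:space:]]*SSLProtocol[[:space:]]' "${enabled[@]}" 2>/dev/null)
  if (( found == 0 || weak == 1 )); then
    echo "✗ Weak SSL/TLS protocols may be enabled"
  fi
  return 0
}

#######################################
# Decide whether an SSLProtocol argument list leaves a legacy protocol
# (SSLv2, SSLv3, TLSv1, TLSv1.1) enabled. Tokens are applied left to
# right: "-x" removes, "+x" adds, and a bare token is read as adding
# (the conservative reading: it can only over-report what is enabled);
# "all" expands to the protocols mod_ssl documents for it.
# Arguments: $1 - the directive's arguments, e.g. "all -SSLv3 -TLSv1"
# Returns:   0 when no legacy protocol remains enabled, 1 otherwise
#######################################
_apache_ssl_protocol_ok() {
  local -A enabled=()
  local -a toks=()
  local tok op name p
  read -ra toks <<<"${1,,}"
  for tok in "${toks[@]}"; do
    case "$tok" in
      -*) op=del; name=${tok#-} ;;
      +*) op=add; name=${tok#+} ;;
      *)  op=add; name=$tok ;;
    esac
    [[ -n "$name" ]] || continue
    if [[ "$name" == all ]]; then
      for p in sslv3 tlsv1 tlsv1.1 tlsv1.2 tlsv1.3; do
        if [[ "$op" == add ]]; then enabled[$p]=1; else unset "enabled[$p]"; fi
      done
    elif [[ "$op" == add ]]; then
      enabled[$name]=1
    else
      unset "enabled[$name]"
    fi
  done
  [[ -z "${enabled[sslv2]-}${enabled[sslv3]-}${enabled[tlsv1]-}${enabled[tlsv1.1]-}" ]]
}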
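#######################################
# Nginx misconfiguration checks. Reads nginx.conf plus the conf.d/ and
# sites-enabled/ trees it includes; sites-available/ is ignored so a
# disabled vhost neither satisfies nor triggers a check.
# Globals:   NGINX_CONF_DIR (read; default /etc/nginx)
# Outputs:   one "✗"/"⚠" line per finding on stdout
# Returns:   0
#######################################
check_nginx() {
  local conf_dir=${NGINX_CONF_DIR:-/etc/nginx}
  local -a enabled=(
    "$conf_dir/nginx.conf"
    "$conf_dir/conf.d"
    "$conf_dir/sites-enabled"
  )
  printf '\n%s\n' "[Nginx Security Check]"

  # Debian ships "# server_tokens off;" commented out, which a bare
  # substring match accepted; anchor on an uncommented directive and
  # accept it from any included file, not only nginx.conf.
  if ! grep -RqE '^[[:space:]]*server_tokens[[:space:]]+off[[:space:]]*;' "${enabled[@]}" 2>/dev/null; then
    echo "✗ server_tokens should be set to 'off'"
  fi

  # Same anchoring for autoindex; -q keeps matched lines off the report.
  if grep -RqE '^[[:space:]]*autoindex[[:space:]]+on[[:space:]]*;' "${enabled[@]}" 2>/dev/null; then
    echo "✗ Autoindex is enabled in some configurations"
  fi

  # default_server only has meaning as a listen parameter.
  if grep -RqE '^[[:space:]]*listen[^#;]*default_server' "${enabled[@]}" 2>/dev/null; then
    echo "⚠ Default server is configured - ensure it's intentional"
  fi

  # ssl_protocols: inspect every uncommented directive (a vhost may
  # override the global one) and flag any that lists a legacy protocol;
  # a tree with no directive at all is flagged because nginx's default
  # then applies. The old exact-string test rejected e.g. "TLSv1.3;" alone.
  local legacy='(^|[[:space:]])(SSLv2|SSLv3|TLSv1|TLSv1\.1)([[:space:]]|$)'
  local line found=0 weak=0
  while IFS= read -r line; do
    found=1
    line=${line%%;*}               # drop the terminator and anything after it
    line=${line#*ssl_protocols}    # keep only the protocol list
    if [[ "$line" =~ $legacy ]]; then
      weak=1
    fi
  done < <(grep -RhE '^[[:space:]]*ssl_protocols[[:space:]]' "${enabled[@]}" 2>/dev/null)
  if (( found == 0 || weak == 1 )); then
    echo "✗ Weak SSL/TLS protocols may be enabled"
  fi
  return 0
}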
# Check file permissions
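#######################################
# File permission checks for the web root and the server config files.
# Globals:   WEB_ROOT        (read; default /var/www)
#            APACHE_CONF_DIR (read; default /etc/apache2)
#            NGINX_CONF_DIR  (read; default /etc/nginx)
# Outputs:   one "✗ ..." line per finding on stdout
# Returns:   0
#######################################
check_permissions() {
  local web_root=${WEB_ROOT:-/var/www}
  local path conf perms
  printf '\n%s\n' "[File Permission Check]"

  # -perm -002 matches any entry with the other-write bit set, not only
  # the exact mode 777 (which missed 666, 767, 1777, ...). NUL-delimited
  # so names with spaces or newlines come through intact.
  if [ -d "$web_root" ]; then
    while IFS= read -r -d '' path; do
      echo "✗ World-writable directory: $path"
    done < <(find "$web_root" -type d -perm -002 -print0 2>/dev/null)
    while IFS= read -r -d '' path; do
      echo "✗ World-writable file: $path"
    done < <(find "$web_root" -type f -perm -002 -print0 2>/dev/null)
  fi

  # A config file is reported when group or other can write to it
  # (mode & 022). Modes stricter than 644, such as 600, pass; the old
  # 644/640 whitelist reported those as insecure.
  for conf in "${APACHE_CONF_DIR:-/etc/apache2}/apache2.conf" \
              "${NGINX_CONF_DIR:-/etc/nginx}/nginx.conf"; do
    [ -f "$conf" ] || continue
    perms=$(stat -c %a -- "$conf" 2>/dev/null) || continue   # GNU stat, as before
    if (( 8#$perms & 8#022 )); then
      echo "✗ Insecure permissions on $conf: $perms"
    fi
  done
  return 0
}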
# Check for information disclosure
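#######################################
# Information-disclosure checks: response headers of the local site and
# sensitive files lying in the web root.
# Globals:   AUDIT_URL (read; default http://localhost/)
#            WEB_ROOT  (read; default /var/www)
# Outputs:   one "✗ ..." line per finding on stdout
# Returns:   0
#######################################
check_info_disclosure() {
  local url=${AUDIT_URL:-http://localhost/}
  local web_root=${WEB_ROOT:-/var/www}
  local response name found
  printf '\n%s\n' "[Information Disclosure Check]"

  if command -v curl >/dev/null 2>&1; then
    # --max-time bounds the HEAD request so a stalled listener cannot
    # hang the whole audit.
    response=$(curl -s -I --max-time 5 "$url" 2>/dev/null)
    # With ServerTokens Prod / server_tokens off the header is just
    # "Server: Apache" or "Server: nginx"; only a version suffix is a
    # disclosure, so the old substring match reported hardened servers too.
    if grep -qiE '^Server:.*Apache/[0-9]' <<<"$response"; then
      echo "✗ Apache version disclosed in headers"
    fi
    if grep -qiE '^Server:.*nginx/[0-9]' <<<"$response"; then
      echo "✗ Nginx version disclosed in headers"
    fi
    if grep -qi '^X-Powered-By:' <<<"$response"; then
      echo "✗ X-Powered-By header is present"
    fi
  fi

  # One traversal for all names (the old loop walked the tree once per
  # name); NUL-delimited so odd file names survive. Findings come out in
  # directory order rather than grouped by name.
  local -a info_files=(".git" ".svn" ".env" "phpinfo.php" "info.php" ".htaccess" ".htpasswd")
  local -a name_expr=()
  for name in "${info_files[@]}"; do
    name_expr+=(-o -name "$name")
  done
  while IFS= read -r -d '' found; do
    echo "✗ Sensitive file exposed: $found"
  done < <(find "$web_root" \( "${name_expr[@]:1}" \) -print0 2>/dev/null)
  return 0
}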
# Run checks based on installed servers
# Server-specific checks run only when that server's control binary is
# on PATH; the permission and disclosure checks apply either way.
command -v apache2ctl >/dev/null 2>&1 && check_apache
command -v nginx >/dev/null 2>&1 && check_nginx
check_permissions
check_info_disclosure

printf '\n%s\n' "[Recommendations]"
printf '%s\n' \
  "1. Review and fix all issues marked with ✗" \
  "2. Run this script regularly as part of security monitoring" \
  "3. Consider implementing a Web Application Firewall (WAF)" \
  "4. Keep all software updated with security patches"