Top Document: comp.security.unix and comp.security.misc frequently asked questions
Previous Document: Should I block all ICMP at my firewall/router?
Next Document: How do I recover from forgetting my root password? (Similarly: I messed up the root line in /etc/passwd and can't su or login as
How do I prevent my machine from announcing OS version, daemon version, etc in the banner message?
On Unix, find the daemon in question, possibly by finding its line in /etc/inetd.conf, and read its man page. For complex config files (e.g. sendmail), search the config file for the constant portions of the string the daemon outputs (e.g. in sendmail.cf find the string "Sendmail" with a capital 'S').

For telnetd, some systems have "-h" to suppress the greeting, and other systems' banners come from a file called something like /etc/issue. (Note that in Red Hat Linux, you really want to modify /etc/rc.d/rc.local rather than (or in addition to) /etc/issue*, because rc.local regenerates /etc/issue* upon boot.) For Solaris 2.6 and greater, put "BANNER=" (without the quotes) in /etc/default/telnetd and/or /etc/default/ftpd. The telnetd included with Solaris <2.6 and SunOS can't suppress the banner, but there's no need to use that particular software; you could use GNU telnetd or wu-ftpd, for example; or you might edit the binary, as the strings appear in it.

But this might not really be a security issue, and it might not be worth your effort. Suppressing banners probably doesn't restrict any information which is genuinely useful to an attacker. If an attacker has some "exploit" program for sendmail 1.2.3 only, then rather than checking the banner to see if your machine is in fact running sendmail 1.2.3, they might as well just run the exploit program, which is a direct check of whether you're vulnerable. Banner suppression *will*, however, interfere with some kinds of checking of daemon versions which you yourself may want to do occasionally.
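A local audit of the banner sources named above, as an added example that is not part of the FAQ: it reads the configuration files under a root directory and reports each place where a version banner is still configured. The function names, the second sendmail.cf path (/etc/mail/sendmail.cf), the word list matched in /etc/issue* and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report banner sources under ROOT (default: the live /etc).
audit_banners() {
    root=${1:-}; findings=0
    note() { findings=$((findings + 1)); printf '%s\n' "$1"; }
    # inetd-launched telnetd without -h (only some telnetds accept -h).
    f=$root/etc/inetd.conf
    if [ -f "$f" ] && grep -v '^[[:space:]]*#' "$f" | grep 'telnetd' |
            grep -Eqv '[[:space:]]-h([[:space:]]|$)'; then
        note "/etc/inetd.conf: telnetd started without -h"
    fi
    # Solaris 2.6+: an empty BANNER= line suppresses the greeting.
    for d in telnetd ftpd; do
        f=$root/etc/default/$d
        if [ -f "$f" ] && ! grep -q '^BANNER=[[:space:]]*$' "$f"; then
            note "/etc/default/$d: no empty BANNER= line"
        fi
    done
    # /etc/issue*: getty escapes or OS words (heuristic list, an assumption).
    for f in "$root"/etc/issue*; do
        if [ -f "$f" ] && grep -Eiq '\\[rsvm]|linux|kernel|release|sunos' "$f"; then
            note "${f#"$root"}: contains OS/version text"
        fi
    done
    # Red Hat: rc.local rewriting /etc/issue* at boot undoes manual edits.
    f=$root/etc/rc.d/rc.local
    if [ -f "$f" ] && grep -v '^[[:space:]]*#' "$f" | grep -q '>.*/etc/issue'; then
        note "/etc/rc.d/rc.local: regenerates /etc/issue at boot"
    fi
    # sendmail.cf (second path is an assumption): constant "Sendmail" string.
    for f in "$root/etc/sendmail.cf" "$root/etc/mail/sendmail.cf"; do
        if [ -f "$f" ] && grep -v '^#' "$f" | grep -q 'Sendmail'; then
            note "${f#"$root"}: non-comment line contains \"Sendmail\""
        fi
    done
    [ "$findings" -eq 0 ]   # status 0 only when nothing was reported
}
# Constructed sample tree (not from a real host) for a dry run.
sample_root() {
    r=$(mktemp -d) && mkdir -p "$r/etc/default" "$r/etc/rc.d" || return 1
    printf 'telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd\n' >"$r/etc/inetd.conf"
    printf 'BANNER=\n' >"$r/etc/default/telnetd"
    printf 'Red Hat Linux release 6.2\nKernel \\r on an \\m\n' >"$r/etc/issue"
    printf 'echo "Kernel $(uname -r)" > /etc/issue\n' >"$r/etc/rc.d/rc.local"
    printf 'O SmtpGreetingMessage=$j Sendmail $v/$Z; $b\n' >"$r/etc/sendmail.cf"
    printf '%s\n' "$r"
}
r=$(sample_root) && { audit_banners "$r" || true; rm -rf "$r"; }
```

Calling audit_banners with no argument reads the running system's own /etc; an empty report only means these particular files carry no banner text, since daemons configured elsewhere are not examined.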
Send corrections/additions to the FAQ Maintainer:
flaps@dgp.toronto.edu (Alan J Rosenthal)
Last Update December 02 2008 @ 00:10 AM