mirror of
https://github.com/xcat2/xcat-core.git
synced 2026-05-06 00:59:13 +00:00
5035697e9b
The default xCAT Apache configuration shipped with Options Indexes enabled for the /install and /tftpboot directories. This allowed unauthenticated users to browse directory listings, disclosing the full tree of postscripts, boot files, and (in production deployments) potentially kickstart files with password hashes, custom scripts with embedded credentials, and cluster topology details. Replace Options Indexes with -Indexes in all four shipped Apache config files (MN and SN, Apache 2.2 and 2.4 variants). Direct file access by known path continues to work, so all provisioning workflows are unaffected. Directory browsing for /xcat-doc is preserved as it contains only public documentation. Additionally, add an Apache hardening guide documenting recommended permissions for sensitive directories under /install, network binding best practices, and IP-based access control options. Addresses #7450
12 lines
500 B
ReStructuredText
12 lines
500 B
ReStructuredText
Security
|
|
========
|
|
|
|
The security of a system covers a wide range of elements, from the security of system deployment and configuration, to the security of the system management, and the security of the software that is running on the system. This document will only discuss security features that are currently implemented in xCAT, not address the OS or any additional software packages that might be installed.
|
|
|
|
.. toctree::
|
|
:maxdepth: 2
|
|
|
|
ssl_config.rst
|
|
security.rst
|
|
apache_hardening.rst
|