mirror of https://github.com/xcat2/xcat-core.git synced 2026-05-05 16:49:08 +00:00
xcat-core/xCATsn/xcat.conf
Vinícius Ferrão 5035697e9b fix: disable Apache directory indexing on /install and /tftpboot
The default xCAT Apache configuration shipped with Options Indexes
enabled for the /install and /tftpboot directories. This allowed
unauthenticated users to browse directory listings, disclosing the
full tree of postscripts, boot files, and (in production deployments)
potentially kickstart files with password hashes, custom scripts with
embedded credentials, and cluster topology details.

Replace Options Indexes with -Indexes in all four shipped Apache config
files (MN and SN, Apache 2.2 and 2.4 variants). Direct file access
by known path continues to work, so all provisioning workflows are
unaffected. Directory browsing for /xcat-doc is preserved as it
contains only public documentation.

Additionally, add an Apache hardening guide documenting recommended
permissions for sensitive directories under /install, network binding
best practices, and IP-based access control options.

Addresses #7450
2026-05-03 23:01:01 -03:00

42 lines
1.0 KiB
Plaintext

#
# This configuration file allows a diskfull install to access the install images
# via http. It also allows the xCAT documentation to be accessed via
# http://localhost/xcat-doc/
# Updates to xCAT/xcat.conf should also be made to xCATsn/xcat.conf
#
AliasMatch ^/install/(.*)$ "/install/$1"
AliasMatch ^/tftpboot/(.*)$ "/tftpboot/$1"
<Directory "/tftpboot">
    Options FollowSymLinks Includes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
<Directory "/install">
    Options FollowSymLinks Includes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
<Directory "/install/postscripts">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
<Directory "/install/post">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
Alias /xcat-doc "/opt/xcat/share/doc"
<Directory "/opt/xcat/share/doc">
    Options Indexes
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
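
An added audit helper, not part of the xCAT repository: it computes the effective `Options` for each `<Directory>` block and lists the paths where directory indexing is still on. It applies Apache's rule that a bare `Options` line in a more specific block replaces the inherited set while `+`/`-` forms merge. The function names are hypothetical, only literal `<Directory>` paths are handled, and the starting default of `FollowSymLinks` assumes Apache 2.4.

```python
import re
# Constructed sample in the style of the xcat.conf above (not the shipped file).
SAMPLE_CONF = '''
<Directory "/install">
Options FollowSymLinks Includes MultiViews
</Directory>
<Directory "/install/postscripts">
Options Indexes FollowSymLinks
</Directory>
<Directory "/install/custom">
Options -Includes
</Directory>
'''

def parse_directory_options(conf_text):
    """Return {path: [Options argument lists]} for each <Directory> block."""
    blocks, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        m = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if m:
            current = m.group(1).rstrip("/") or "/"
            blocks.setdefault(current, [])
        elif re.match(r"</Directory>", line, re.I):
            current = None
        elif current is not None and re.match(r"Options\s", line, re.I):
            blocks[current].append(line.split()[1:])
    return blocks

def effective_options(blocks, default=("followsymlinks",)):
    """Bare Options replace the inherited set; all-+/- Options merge into it."""
    result = {}
    for path in sorted(blocks, key=len):  # parents are processed before children
        parents = [p for p in result if path.startswith(p.rstrip("/") + "/")]
        opts = set(result[max(parents, key=len)]) if parents else set(default)
        for args in blocks[path]:
            if all(a[0] in "+-" for a in args):
                for a in args:
                    (opts.add if a[0] == "+" else opts.discard)(a[1:].lower())
            else:
                opts = {a.lstrip("+-").lower() for a in args}
        result[path] = opts
    return result

def directories_with_indexes(conf_text):
    eff = effective_options(parse_directory_options(conf_text))
    return sorted(p for p, o in eff.items() if "indexes" in o or "all" in o)

print(directories_with_indexes(SAMPLE_CONF))
```

Run against the file shown above, it reports `/install/post`, `/install/postscripts` and `/opt/xcat/share/doc`, because the bare `Options Indexes ...` lines in the more specific blocks replace what `/install` sets.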