<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#000000">The test is GUESSing, it's written there in the link you posted. What are your HTTP headers - what do you expose there? Do you expose your nginx version to clients? Like in headers? Error pages? From those, it's possible determine used OS and then guess kernel information. Is your app leaking this info, is simle HTML page "leaking" it too?</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#000000"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#000000">In normal conditions, nginx does not expose such information - why would it?. Post your config, or something to work with maybe. Once you say, 80 and 443, then only 443, also you say "<span style="font-family:Arial,Helvetica,sans-serif;color:rgb(34,34,34)">I see that kernel information is exposed on domain" - where do you see that? Show us, and help us better understand...</span></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#000000"><span style="font-family:Arial,Helvetica,sans-serif;color:rgb(34,34,34)"><br></span></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#000000"><span style="font-family:Arial,Helvetica,sans-serif;color:rgb(34,34,34)">My guess, is: its guessing from some header or error page, where there is info like:<br>Server: nginx/1.4.6 (Ubuntu)<br></span></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#000000"><span style="font-family:Arial,Helvetica,sans-serif;color:rgb(34,34,34)">X-Powered-By: PHP/5.5.9-1ubuntu4.25<br></span></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#000000"><span style="font-family:Arial,Helvetica,sans-serif;color:rgb(34,34,34)"><br></span></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#000000"><span style="font-family:Arial,Helvetica,sans-serif;color:rgb(34,34,34)">in headers, for example.</span></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#000000"><span style="font-family:Arial,Helvetica,sans-serif;color:rgb(34,34,34)"><br></span></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#000000"><span style="font-family:Arial,Helvetica,sans-serif;color:rgb(34,34,34)">P.</span></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 28, 2020 at 3:16 PM Praveen Kumar K S <<a href="mailto:praveenssit@gmail.com">praveenssit@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Okay. I exactly don't know how the Security Testing Team is able to get the kernel information. They use  Qualys and Nessus for performing tests. All I can say is only port 443 allowed to the server and I thought asking you guys if it is from Nginx or is there any way to handle it. Server is behind firewall.  </div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 28, 2020 at 11:49 AM lists <<a href="mailto:lists@lazygranch.com" target="_blank">lists@lazygranch.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="background-color:rgb(255,255,255);background-image:initial;line-height:initial"><div id="gmail-m_9115534473876990353gmail-m_945623046319435181response_container_BBPPID" style="outline:currentcolor none medium" dir="auto"> <div name="BB10" id="gmail-m_9115534473876990353gmail-m_945623046319435181BB10_response_div_BBPPID" dir="auto" style="width:100%"> Have you tried it? </div><div name="BB10" id="gmail-m_9115534473876990353gmail-m_945623046319435181BB10_response_div_BBPPID" dir="auto" style="width:100%"><a href="https://securiteam.com/tools/5qp0920ikm/" target="_blank">https://securiteam.com/tools/5qp0920ikm/</a></div>                                                                                                                                      <div name="BB10" id="gmail-m_9115534473876990353gmail-m_945623046319435181response_div_spacer_BBPPID" dir="auto" style="width:100%"> <br style="display:initial"></div><div name="BB10" id="gmail-m_9115534473876990353gmail-m_945623046319435181response_div_spacer_BBPPID" dir="auto" style="width:100%"><span style="font-family:initial;font-size:initial">I ran the nmap OS detection on my own server once and it triggered SSHGuard, locking me out. So a tip is you may want to run SINFP from a disposable IP address if you are running fail2ban, etc. </span></div> <div id="gmail-m_9115534473876990353gmail-m_945623046319435181blackberry_signature_BBPPID" name="BB10" dir="auto">     <div id="gmail-m_9115534473876990353gmail-m_945623046319435181_signaturePlaceholder_BBPPID" name="BB10" dir="auto"></div> </div></div><div id="gmail-m_9115534473876990353gmail-m_945623046319435181_original_msg_header_BBPPID" dir="auto">                                                                                                                                             <table style="border-spacing:0px;display:table;outline:currentcolor none medium" width="100%"><tbody><tr><td colspan="2" style="padding:initial;font-size:initial;text-align:initial">                           <div style="border-color:rgb(181,196,223) currentcolor currentcolor;border-style:solid none none;border-width:1pt medium medium;padding:3pt 0in 0in;font-family:Tahoma,"BB Alpha Sans","Slate Pro";font-size:10pt">  <div id="gmail-m_9115534473876990353gmail-m_945623046319435181from"><b>From:</b> <a href="mailto:praveenssit@gmail.com" target="_blank">praveenssit@gmail.com</a></div><div id="gmail-m_9115534473876990353gmail-m_945623046319435181sent"><b>Sent:</b> April 27, 2020 10:54 PM</div><div id="gmail-m_9115534473876990353gmail-m_945623046319435181to"><b>To:</b> <a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a></div><div id="gmail-m_9115534473876990353gmail-m_945623046319435181reply_to"><b>Reply-to:</b> <a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a></div><div id="gmail-m_9115534473876990353gmail-m_945623046319435181subject"><b>Subject:</b> Re: How to hide kernel information</div></div></td></tr></tbody></table> <br> </div><div name="BB10" dir="auto" style="background-image:initial;line-height:initial;outline:currentcolor none medium"><div dir="ltr">SINFP method is used to get the kernel information.<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 28, 2020 at 11:10 AM lists <<a href="mailto:lists@lazygranch.com" target="_blank">lists@lazygranch.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="background-color:rgb(255,255,255)"><div id="gmail-m_9115534473876990353gmail-m_945623046319435181gmail-m_-479715111517355810response_container_BBPPID" style="outline:currentcolor none medium" dir="auto"> <div id="gmail-m_9115534473876990353gmail-m_945623046319435181gmail-m_-479715111517355810BB10_response_div_BBPPID" dir="auto" style="width:100%"> Well I know nmap can detect the OS. I don't recall it could detect the rev of the kernel. </div><div id="gmail-m_9115534473876990353gmail-m_945623046319435181gmail-m_-479715111517355810BB10_response_div_BBPPID" dir="auto" style="width:100%"><br></div><div id="gmail-m_9115534473876990353gmail-m_945623046319435181gmail-m_-479715111517355810BB10_response_div_BBPPID" dir="auto" style="width:100%"><a href="https://nmap.org/book/man-os-detection.html" target="_blank">https://nmap.org/book/man-os-detection.html</a></div><div id="gmail-m_9115534473876990353gmail-m_945623046319435181gmail-m_-479715111517355810BB10_response_div_BBPPID" dir="auto" style="width:100%"><br></div><div id="gmail-m_9115534473876990353gmail-m_945623046319435181gmail-m_-479715111517355810BB10_response_div_BBPPID" dir="auto" style="width:100%"><a href="https://nmap.org/book/defenses.html" target="_blank">https://nmap.org/book/defenses.html</a></div>                                                                                                                                      <div id="gmail-m_9115534473876990353gmail-m_945623046319435181gmail-m_-479715111517355810response_div_spacer_BBPPID" dir="auto" style="width:100%"> <br></div> <div id="gmail-m_9115534473876990353gmail-m_945623046319435181gmail-m_-479715111517355810blackberry_signature_BBPPID" dir="auto">     <div id="gmail-m_9115534473876990353gmail-m_945623046319435181gmail-m_-479715111517355810_signaturePlaceholder_BBPPID" dir="auto"></div> </div></div><div id="gmail-m_9115534473876990353gmail-m_945623046319435181gmail-m_-479715111517355810_original_msg_header_BBPPID" dir="auto">                                                                                                                                             <table id="gmail-m_9115534473876990353gmail-m_945623046319435181gmail-m_-479715111517355810_pHCWrapper_BBPPID" style="border-spacing:0px;display:table;outline:currentcolor none medium" width="100%"><tbody><tr><td colspan="2">                           <div style="border-color:rgb(181,196,223);border-style:solid none none;border-width:1pt medium medium;padding:3pt 0in 0in;font-family:tahoma,"bb alpha sans","slate pro";font-size:10pt">  <div id="gmail-m_9115534473876990353gmail-m_945623046319435181gmail-m_-479715111517355810from"><b>From:</b> <a href="mailto:praveenssit@gmail.com" target="_blank">praveenssit@gmail.com</a></div><div id="gmail-m_9115534473876990353gmail-m_945623046319435181gmail-m_-479715111517355810sent"><b>Sent:</b> April 27, 2020 9:41 PM</div><div id="gmail-m_9115534473876990353gmail-m_945623046319435181gmail-m_-479715111517355810to"><b>To:</b> <a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a></div><div id="gmail-m_9115534473876990353gmail-m_945623046319435181gmail-m_-479715111517355810reply_to"><b>Reply-to:</b> <a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a></div><div id="gmail-m_9115534473876990353gmail-m_945623046319435181gmail-m_-479715111517355810subject"><b>Subject:</b> How to hide kernel information</div></div></td></tr></tbody></table> <br> </div><div dir="auto" style="outline:currentcolor none medium"><div dir="ltr"><div>Hello,</div><div><br></div><div>I have hosted Nginx 1.16.1 on Ubuntu 16.04. Have configured SSL from LetsEncrypt. Everything is running fine. Only port 80 and 443 are allowed.<br></div><div><br></div><div>During security testing, I see that kernel information is exposed on domain. More details at <a href="https://www.tenable.com/plugins/nessus/11936" target="_blank">https://www.tenable.com/plugins/nessus/11936</a></div><div><br></div><div>Is there any way to hide kernel information using Nginx ?</div><div><br></div><div>Cheers,</div><div>PK<br></div></div>
</div></div>_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a></blockquote></div><br clear="all"><br>-- <br><div dir="ltr"><font style="font-family:"courier new",monospace" size="1"><b style="color:rgb(102,102,102)">Regards,<br><br></b></font><div style="color:rgb(102,102,102)"><font size="1"><b><font face="'comic sans ms', sans-serif"><font style="font-family:"courier new",monospace" size="1">K S Praveen Kumar<br>M: <a href="tel:+919986855625" target="_blank">+91-9986855625</a></font><br></font></b></font></div></div>
</div></div>_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a></blockquote></div><br clear="all"><br>-- <br><div dir="ltr"><font style="font-family:"courier new",monospace" size="1"><b style="color:rgb(102,102,102)">Regards,<br><br></b></font><div style="color:rgb(102,102,102)"><font size="1"><b><font face="'comic sans ms', sans-serif"><font style="font-family:"courier new",monospace" size="1">K S Praveen Kumar<br>M: +91-9986855625 </font><br></font></b></font></div></div>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a></blockquote></div>