I just ran it against my intranet server. Its not on the internet, but I use it to learn and to keep frequent reading material, links and the such. Here is the output from it.

TrustSight Security Hardening Report
TrustSight Security Hardening Tool report for httpd.conf ("S:\httpd\conf\httpd.conf"")
Date: 03/07/2004 3:31:49 PM

TrustSight Security Hardening Tool - Session Details
Paranoid Mode: Yes


3 recommendation(s)

ServerTokens directive
Line: 31
It is recommended to modify the ServerTokens directive to ServerTokens ProductOnly. After this change, Apache doesn''t disclose information about its version.


ServerSignature directive
Line: 920
It is recommended to modify the ServerSignature directive to ServerSignature Off


mod_security.c module

mod_security.c module not found. We recommend to enable the mod_security module - The mod_security module can help protect against Cross Site Scripting (XSS) and SQL injection. Detailed information can be found at: http://www.modsecurity.org


v1.0.0 BETA. New versions will be announced on the Syhunt homepage at: www.syhunt.com
I had to run it on my xpbox, with a drive temporarily mapped to my linux box.

I could have simply copied the file over but it was faster and easier this way.

Guess I have a bit of "hardening" to do... but its not on the web... so I have some more time to figure out exactly what all this is. I'm not too experienced with webservers. I've never really needed them except for little things that I do.

Anywho, thats the kind of reports it gives. Mind you, this is a default config that was installed with RH9. Oh, and I'm not using mysql or php.