[BlueOnyx:04497] Re: many thanks

webmaster webmaster at oldcabin.net
Sat May 15 14:17:11 -05 2010
Jeff,

Many thanks for your explanations and suggestions.

This is what happens when someone with an agriculture degree ends up 
being a web host.

Much of what you mentioned below I totally understand and can, and 
have done, but...... a big concern of mine is breaking the BX GUI.

I am afraid I will break something if I do updates via the command 
line or Webmin.  Yes, Webmin.
I use webmin for lots of stuff.
Never anything that will break the GUI though.
Mostly monitoring processes and such.
Really get rid of it?

My RaQ, on the other hand, is patched/hacked up manually since it is no 
longer supported and I have no other options.


Thanks again

--Tim



>On May 15, 2010, at 11:43 AM, webmaster wrote:
>
> > Jeff,
> >
> > Thanks for your input.
>
>What else do I have to do on a Saturday? Wait, I could mow the lawn,
>fix the A/C, ride the motorcycle... No problem.  ;-D
>
> > I have posted that report here:
> > www.oldcabin.net/Port-scan-resultst.doc &
>
>This was blank...
>
> > www.oldcabin.net/port-scan-results.txt
>
>Okay, something to look at.
>I'm not going to address every entry, these bonehead scans are
>triggered on simple port scans and basic version calls...
>
>#1 TCP port 10000 -- probably your Webmin install, get rid of it
>
>#2 TCP port 22 -- research the CVE entries, report your COMPLETE ssh
>release/patch level (mine is openssh-4.3p2-36.el5_4.4.i386), research
>the release/patch level on CentOS or RHEL security sites to make sure
>they address the CVE entries, DOCUMENT and assuage the auditors'
>"fears". For example...
>    Last CVE in ssh list - Google 'CVE-2008-5161 redhat' finds this
>page...
>    https://www.redhat.com/security/data/cve/CVE-2008-5161.html which
>states the issue is addressed here...
>    https://rhn.redhat.com/errata/RHSA-2009-1287.html with release
>openssh-4.3p2-36.el5
>
>#3 TCP port 80 (PHP) -- same as no 2, current installed rpm is
>php-5.1.6-24.el5_4.5
>
>#4 TCP port 123 -- you have the ntp server running (my BX install does
>not)?? Something else using port 123??
>
>In my current business, I deal with retail establishments (brick and
>mortar) and ALWAYS suggest they DO NOT store cc numbers. That way we
>only have to show a physically separate internal network and a
>COMPLETELY locked down public interface on the internet facing
>firewall/router. I ALWAYS suggest PCI Compliant/Certified software
>solutions. They are also instructed to have a written policy for
>temporarily hand written or imprinted cards' destruction when the
>network is down. I do have one non-profit that accepts credit card
>donations on their website, but that is passed directly to an
>Authorize.net page for entry and processing.
>
>But basically, you are going to want to stay in the PCI SAQ categories
>1-3 (scanning not mandatory) to avoid this nonsense. The only way you
>can accomplish this is to move the page where the cc info is entered
>off of your server (outsource). Otherwise, use a dedicated server for
>the processing (consider putting that on PRIVATE address space using a
>second NIC), and shut down ALL unnecessary services.
>
> > My biggest concern is...... I thought the BX systems were up to
> > date?  When yum runs it takes care of updates/patches and such?
>
>They are, but simple scans will not reveal the release/patch level of
>your software. You will have to do something similar to what I
>explained about your BIND software (rpm -q "package"). This has
>nothing to do with BlueOnyx, as it is all upstream with CentOS and
>ultimately RHEL (RedHat). Certified/Compliant systems are going to be
>complicated and EXPENSIVE. Open source plugins are going to go the way
>of the dodo (or should) unless they pass off to mainstream providers
>like PayPal and Authorize.net.
>
> > ..snip..
> > When you look at the report notice the first entry for bugzilla?
> > I don't think I even have that on my system but the report says it
> > needs to be updated.
> > Huh?
> > Could their report be wrong?
>
>Notice the port? 10000. There are 14 other references to this TCP port
>in the scan results. Don't you have Webmin installed? That is what is
>on port 10000. YOU did that, nothing to do with BlueOnyx... Explain it
>to the auditors, or uninstall.
>
>HTH;
>Jeff
>
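The check Jeff describes above (report the exact `rpm -q` release, then compare it with the release the RHSA says fixes the CVE), written out as an added example that is not part of the thread. It assumes GNU `sort -V` is available and uses it as an approximation of rpm's own version comparison; the `rpm_at_least` and `audit_line` names and the older openssh build used as a negative sample are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread: compare an installed RPM build (the
# output of `rpm -q <pkg>`) against the fixed release named in a Red Hat
# advisory and print a one-line verdict suitable for an auditor's report.
# GNU `sort -V` approximates rpm's version ordering; it ignores epochs, so
# check `rpm -q --qf '%{EPOCH}'` separately if a package carries one.

# rpm_at_least INSTALLED FIXED -> prints "patched" or "VULNERABLE"
rpm_at_least() {
    installed=$1
    fixed=$2
    # After a version sort the first line is the older build. If the fixed
    # release sorts first (or both are identical) the installed build
    # already contains the fix.
    lowest=$(printf '%s\n%s\n' "$installed" "$fixed" | sort -V | head -n 1)
    if [ "$lowest" = "$fixed" ]; then
        echo patched
    else
        echo VULNERABLE
    fi
}

# audit_line PKG FIXED ADVISORY [INSTALLED] -> one report line.
# INSTALLED defaults to `rpm -q PKG`; pass it explicitly to run the check
# on a host without rpm (or to document a build quoted by someone else).
audit_line() {
    pkg=$1; fixed=$2; advisory=$3
    installed=${4:-$(rpm -q "$pkg" 2>/dev/null)}
    [ -n "$installed" ] || { echo "$pkg: not installed"; return; }
    printf '%s: installed %s, fixed in %s (%s): %s\n' \
        "$pkg" "$installed" "$fixed" "$advisory" \
        "$(rpm_at_least "$installed" "$fixed")"
}

# Values from the thread: Jeff's openssh build vs the RHSA-2009-1287 fix.
audit_line openssh openssh-4.3p2-36.el5 RHSA-2009-1287 openssh-4.3p2-36.el5_4.4
# Constructed older build, to show the negative case.
audit_line openssh openssh-4.3p2-36.el5 RHSA-2009-1287 openssh-4.3p2-26.el5
```

Run it with the fourth argument omitted on the CentOS box itself and it reports whatever `rpm -q openssh` returns there.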