security_issues

Server Details

Vendor: Digital Ocean.
Account: devops@expertus.com
Instance name: secscan.exphosted.com (DNS zone not public)
IP Address : 107.170.34.185
Nexpose dashboard: 107.170.34.185:3780

Software Shortlisted:

Nexpose, OpenVAS, Brakeman.
Nexpose and OpenVAS (a Nessus fork) were shortlisted from the recommendations published by SANS and OWASP; Nexpose was then used to conduct the security scan. Prior experience and vulnerability database coverage were the two decisive factors in the selection. Two scans were conducted. The results of these scans revealed many security issues, which were documented in the issue tracker.

Scan profiles:

External User Scan:

The default Extensive profile (shipped with Nexpose) was modified to include web spidering, OS fingerprinting and scanning, the intuitive ("potential vulnerability") check option, which broadens the range of checks attempted, and the destructive scan option. No credentials were applied.

Exhaustive Scan:

The default Exhaustive profile (shipped with Nexpose) was modified to include web spidering, OS fingerprinting and credentialed scanning, and the destructive scan option. Admin user login credentials were also configured.

Brakeman:

Brakeman was executed to perform the following checks:

BasicAuth, ContentTag, CrossSiteScripting, DefaultRoutes, Deserialize, DetailedExceptions, DigestDoS, EscapeFunction, Evaluation, Execute, FileAccess, FilterSkipping, ForgerySetting, HeaderDoS, I18nXSS, JRubyXML, JSONParsing, LinkTo, LinkToHref, MailTo, MassAssignment, ModelAttrAccessible, ModelAttributes, ModelSerialize, NestedAttributes, NumberToCurrency, QuoteTableName, Redirect, Render, RenderDoS, ResponseSplitting, SQL, SSLVerify, SafeBufferManipulation, SanitizeMethods, SelectTag, SelectVulnerability, Send, SendFile, SessionSettings, SimpleFormat, SingleQuotes, SkipBeforeFilter, StripTags, SymbolDoS, TranslateBug, UnsafeReflection, ValidationRegex, WithoutProtection, YAMLParsing

How to repeat in future

Get a trial key from Nexpose.
Start the server (details above), log in to the UI and apply the trial key.
The scan profiles are already stored; click the green play button to initiate the scan.

Server Hardening Tips

Make sure that internal systems are protected from external threats:

STEP 1: Add and run this script from crontab or /etc/rc.local, or install fail2ban:

        #!/bin/bash
        # Flush all rules and delete user-defined chains. Note that this also removes
        # any chains fail2ban has created, so restart fail2ban afterwards if both are used.
        iptables -F
        iptables -X
        # Drop packets that do not belong to any known connection
        iptables -A INPUT -m state --state INVALID -j DROP
        # Allow SSH only from the internal subnets listed here
        iptables -A INPUT -p tcp --dport 22 -s 192.168.2.0/24,192.168.3.0/24,192.168.7.0/25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
        # Drop SSH from everywhere else
        iptables -A INPUT -p tcp --dport 22 -j DROP
        # Persist the rules across reboots (CentOS init-script style; other distributions use iptables-save)
        service iptables save
STEP 2: Install Rootkit Hunter (rkhunter)

        For CentOS - yum install rkhunter
        For Debian - apt-get install rkhunter
        To check   - rkhunter -c (collect the report, or run this daily or weekly from cron and collect the log)
        
Step 3: To audit the system, install Lynis:

        For the first run (the clone creates the directory /opt/Lynis, which the remote command below also uses)

        cd /opt
        git clone https://github.com/CISOfy/Lynis
        cd Lynis
        ./lynis audit system -Q

        To collect the report remotely:

        ssh -t -i /root/.ssh/id_rsa_automated root@<remote_ip> "cd /opt/Lynis; ./lynis -c -Q -q"
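A collection-side helper for the Lynis reports that Step 3 produces, added here as an example (it is not part of the original page): it summarises a lynis-report.dat so that reports gathered weekly from several hosts can be compared and a falling hardening index is noticed. The report content and its values are a constructed sample, not output from a real host.

```bash
#!/bin/bash
# Added example, not part of the original page: summarise the lynis-report.dat
# that "lynis audit system" writes, so reports collected weekly from several
# servers can be compared and a falling hardening index is noticed.
# The report content below is a constructed sample, not output from a real host.

# One-line summary: hardening index plus warning and suggestion counts.
lynis_summary() {
    local report="$1" index warnings suggestions
    index=$(grep -m1 '^hardening_index=' "$report" | cut -d= -f2)
    warnings=$(grep -c '^warning\[\]=' "$report" || true)
    suggestions=$(grep -c '^suggestion\[\]=' "$report" || true)
    printf 'hardening_index=%s warnings=%s suggestions=%s\n' \
        "${index:-unknown}" "$warnings" "$suggestions"
}

# Test IDs of every warning (e.g. SSH-7408), one per line, for triage.
lynis_warning_ids() {
    grep '^warning\[\]=' "$1" | cut -d= -f2 | cut -d'|' -f1
}

# Return non-zero when the hardening index is below $2, so a cron job or
# collection script can alert on regressions.
lynis_check_threshold() {
    local report="$1" min="$2" index
    index=$(grep -m1 '^hardening_index=' "$report" | cut -d= -f2)
    [ -n "$index" ] && [ "$index" -ge "$min" ]
}

# Constructed sample report (format as written by Lynis, values invented).
SAMPLE_REPORT=$(mktemp)
cat > "$SAMPLE_REPORT" <<'EOF'
report_version_major=1
hostname=web01
hardening_index=64
warning[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (YES --> NO)|
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|
suggestion[]=AUTH-9282|Set expire dates for all password protected accounts|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|Port (22 --> )|-|
EOF

lynis_summary "$SAMPLE_REPORT"          # hardening_index=64 warnings=2 suggestions=2
lynis_warning_ids "$SAMPLE_REPORT"
lynis_check_threshold "$SAMPLE_REPORT" 70 || echo "hardening index below 70, investigate"
```

Point the functions at the /opt/Lynis report copied back by the ssh command above, one file per host, to build a weekly comparison.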
        
security_issues.txt · Last modified: 2018/08/31 16:16 (external edit)