[ibm-aix-ibmi-hosting] Recurring security scans - and actions to be taken.

CHIGOT, CLEMENT clement.chigot at atos.net
Wed Sep 22 06:51:22 UTC 2021


Hi,

The golang issues should be fixed now.

Thanks,
Clément
________________________________
From: ibm-aix-ibmi-hosting <ibm-aix-ibmi-hosting-bounces at osuosl.org> on behalf of Lance Albertson <lance at osuosl.org>
Sent: Tuesday, September 21, 2021 9:09 PM
To: ibm-aix-ibmi-hosting at osuosl.org <ibm-aix-ibmi-hosting at osuosl.org>
Subject: Re: [ibm-aix-ibmi-hosting] Recurring security scans - and actions to be taken.



Here's the latest report we got yesterday. Can we please fix the NTP issue and the X Server issue soon please?

Thanks!

On Wed, Aug 25, 2021 at 1:57 AM Michael Felt <aixtools at felt.demon.nl> wrote:
* per below, mariadb is fixed.
* in earlier convos, golang admins have indicated they will update the
HTTP software.
* I have opened a slack chat with ojdk infrastructure re: the active
port 6000. The jenkins user is starting the program /usr/bin/X11/X - if
it is needed for testing my proposal will be to block port 6000 on the
WAN interface (leaving it open on 127.0.0.1).

On 25/08/2021 05:44, Daniel Black wrote:
> Oops, me looks up
>
> On Thu, Aug 19, 2021 at 6:44 AM Michael Felt <aixtools at felt.demon.nl> wrote:
>> If you don't need any of the inetd services - also stop the inetd process.
>>
>> # /usr/sbin/chrctcp -S -d inetd
>>
>
> On Wed, Aug 25, 2021 at 1:43 PM Daniel Black <daniel at mariadb.org> wrote:
>> On Wed, Aug 25, 2021 at 10:09 AM Lance Albertson <lance at osuosl.org> wrote:
>>> All,
>>>
>>> Thanks for resolving the issues as reported last week. It looks like all of the ntp problems have been resolved! I've attached the report from yesterday so everyone can see.
>>>
>>> However we do have a few issues left that need to be fixed. It appears that rexecd is running again on p8-aix1-mariadb.osuosl.org. We need to make sure that service is either disabled always or at least blocked off.
>> Thanks Lance,
>>
>> Seems corrected - (thanks Michael?)
>>
>> root at p8-aix1-mariadb:[/root]egrep -v '^(#|$)' /etc/inetd.conf
>> daytime stream  tcp     nowait  root    internal
>> time    stream  tcp     nowait  root    internal
>> daytime dgram   udp     wait    root    internal
>> time    dgram   udp     wait    root    internal
>> xmquery dgram   udp6    wait    root    /usr/bin/xmtopas xmtopas -p3
>> caa_cfg stream  tcp6    nowait  root    /usr/sbin/clusterconf clusterconf >>/var/adm/ras/clusterconf.log 2>&1
>>
>> root at p8-aix1-mariadb:[/root]grep exec /etc/inetd.conf
>> ##      needs to be executed for inetd to re-read the inetd.conf file.
>> #exec    stream  tcp6    nowait  root    /usr/sbin/rexecd       rexecd
>>
>> Is disabling inetd possible/recommended?
>>
>> Is commenting all /etc/inetd.conf service the right way?
>>
>> Is disabling /etc/rc.tcpip to disable inetd and others sane?
>>
>> https://www.ibm.com/docs/en/aix/7.1?topic=files-rctcpip-file-tcpip
>>
>>> I'll check back on this next week to see any progress.
--
ibm-aix-ibmi-hosting mailing list
ibm-aix-ibmi-hosting at osuosl.org
https://lists.osuosl.org/mailman/listinfo/ibm-aix-ibmi-hosting


--
Lance Albertson
Director
Oregon State University | Open Source Lab
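
The thread checks /etc/inetd.conf by hand after rexecd came back between scans. As an added example (not part of the original thread, and not code from any of its participants), the sketch below turns that check into a repeatable audit that flags any active entry outside an allowlist. The function names, the `ALLOWED` list and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag active inetd.conf entries that are not on an allowlist.
# ALLOWED is a hypothetical site allowlist (assumption, not from the thread).
ALLOWED="${ALLOWED:-daytime time xmquery caa_cfg}"

# Constructed sample modelled on the listing in the thread. $1 is the prefix
# of the exec line: "" leaves rexecd enabled, "#" comments it out.
make_sample() {
    cat <<EOF
##      constructed comment line
daytime stream  tcp     nowait  root    internal
time    dgram   udp     wait    root    internal
xmquery dgram   udp6    wait    root    /usr/bin/xmtopas xmtopas -p3
${1}exec    stream  tcp6    nowait  root    /usr/sbin/rexecd       rexecd
EOF
}

# Print "STATUS service socket/proto server" for every active entry in file $1.
# STATUS is OK when the service name is allowlisted, REVIEW otherwise.
audit_inetd() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        NF < 6 { next }                     # not a complete service entry
        {
            status = ($1 in ok) ? "OK" : "REVIEW"
            printf "%s %s %s/%s %s\n", status, $1, $2, $3, $6
        }
    ' "$1"
}

# Exit status 0 only when every active entry is allowlisted.
inetd_clean() {
    ! audit_inetd "$1" | grep -q '^REVIEW '
}

# Demo on the constructed sample; on a real host pass /etc/inetd.conf instead.
tmp=$(mktemp)
make_sample "" > "$tmp"
audit_inetd "$tmp"
inetd_clean "$tmp" || echo "inetd.conf has services outside the allowlist"
rm -f "$tmp"
```

Run from cron between external scans, a non-zero status from `inetd_clean` catches a re-enabled service before the next report does.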