[ibm-aix-ibmi-hosting] Recurring security scans - and actions to be taken.

Michael Felt aixtools at felt.demon.nl
Thu Oct 7 06:26:56 UTC 2021


And, are we passing? I know a lot of work was being done - has that been 
effective?

On 21/09/2021 21:09, Lance Albertson wrote:
> Here's the latest report we got yesterday. Can we please fix the NTP 
> issue and the X Server issue soon please?
>
> Thanks!
>
> On Wed, Aug 25, 2021 at 1:57 AM Michael Felt <aixtools at felt.demon.nl 
> <mailto:aixtools at felt.demon.nl>> wrote:
>
>     * per below, mariadb is fixed.
>     * in earlier convos, golang admins have indicated they will update
>     the
>     HTTP software.
>     * I have opened a slack chat with ojdk infrastructure re: the active
>     port 6000. The jenkins user is starting the program /usr/bin/X11/X
>     - if
>     it is needed for testing my proposal will be to block port 6000 on
>     the
>     WAN interface (leaving it open on 127.0.0.1).
>
>     On 25/08/2021 05:44, Daniel Black wrote:
>     > Opps, me looks up
>     >
>     > On Thu, Aug 19, 2021 at 6:44 AM Michael Felt
>     <aixtools at felt.demon.nl <mailto:aixtools at felt.demon.nl>> wrote:
>     >> If you don't need any of the inetd services - also stop the
>     inetd process.
>     >>
>     >> # /usr/sbin/chrctcp -S -d inetd
>     >>
>     >
>     > On Wed, Aug 25, 2021 at 1:43 PM Daniel Black <daniel at mariadb.org
>     <mailto:daniel at mariadb.org>> wrote:
>     >> On Wed, Aug 25, 2021 at 10:09 AM Lance Albertson
>     <lance at osuosl.org <mailto:lance at osuosl.org>> wrote:
>     >>> All,
>     >>>
>     >>> Thanks for resolving the issues as reported last week. It
>     looks like all of the ntp problems have been resolved! I've
>     attached the report from yesterday so everyone can see.
>     >>>
>     >>> However we do have a few issues left that need to be fixed. It
>     appears that rexecd is running again on p8-aix1-mariadb.osuosl.org
>     <http://p8-aix1-mariadb.osuosl.org>. We need to make sure that
>     service is either disabled always or at least blocked off.
>     >> Thanks Lance,
>     >>
>     >> Seems corrected - (thanks Michael?)
>     >>
>     >> root at p8-aix1-mariadb:[/root]egrep -v '^(#|$)' /etc/inetd.conf
>     >> daytime stream  tcp     nowait  root    internal
>     >> time    stream  tcp     nowait  root    internal
>     >> daytime dgram   udp     wait    root    internal
>     >> time    dgram   udp     wait    root    internal
>     >> xmquery dgram   udp6    wait    root /usr/bin/xmtopas xmtopas -p3
>     >> caa_cfg stream  tcp6    nowait  root /usr/sbin/clusterconf
>     >> clusterconf >>/var/adm/ras/clusterconf.log 2>&1
>     >>
>     >> root at p8-aix1-mariadb:[/root]grep exec /etc/inetd.conf
>     >> ##      needs to be executed for inetd to re-read the
>     inetd.conf file.
>     >> #exec    stream  tcp6    nowait  root /usr/sbin/rexecd       rexecd
>     >>
>     >> Is disabling inetd possible/recommended?
>     >>
>     >> Is commenting all /etc/inetd.conf service the right way?
>     >>
>     >> Is disabling /etc/rc.tcpip to disable inetd and others sane?
>     >>
>     >>
>     https://www.ibm.com/docs/en/aix/7.1?topic=files-rctcpip-file-tcpip
>     <https://www.ibm.com/docs/en/aix/7.1?topic=files-rctcpip-file-tcpip>
>     >>
>     >>> I'll check back on this next week to see any progress.
>     -- 
>     ibm-aix-ibmi-hosting mailing list
>     ibm-aix-ibmi-hosting at osuosl.org
>     <mailto:ibm-aix-ibmi-hosting at osuosl.org>
>     https://lists.osuosl.org/mailman/listinfo/ibm-aix-ibmi-hosting
>     <https://lists.osuosl.org/mailman/listinfo/ibm-aix-ibmi-hosting>
>
>
>
> -- 
> Lance Albertson
> Director
> Oregon State University | Open Source Lab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osuosl.org/pipermail/ibm-aix-ibmi-hosting/attachments/20211007/b737648d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x722BFDB61F396FC2.asc
Type: application/pgp-keys
Size: 1761 bytes
Desc: OpenPGP public key
URL: <http://lists.osuosl.org/pipermail/ibm-aix-ibmi-hosting/attachments/20211007/b737648d/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://lists.osuosl.org/pipermail/ibm-aix-ibmi-hosting/attachments/20211007/b737648d/attachment.asc>


More information about the ibm-aix-ibmi-hosting mailing list