From lance at osuosl.org Wed Nov 10 00:58:05 2021
From: lance at osuosl.org (Lance Albertson)
Date: Tue, 9 Nov 2021 16:58:05 -0800
Subject: [ibm-aix-ibmi-hosting] Recurring security scans - and actions to be taken.
In-Reply-To:
References: <2a17a4d1-e80e-bd11-ae1d-61b2fcf1f4ee@felt.demon.nl>
Message-ID:

Here's the report for this week.

Can we please have some progress on getting these addressed?

Thanks!

On Wed, Oct 27, 2021 at 2:05 PM Lance Albertson wrote:

> Here's the latest report for the week.
>
> Thanks-
>
> On Mon, Oct 18, 2021 at 1:33 PM Lance Albertson wrote:
>
>> Here's the latest report. Keep in mind we changed the reverse DNS on the
>> nodejs node after this report was made, so make sure you match it up with
>> the IP address shown.
>>
>> On Mon, Oct 11, 2021 at 3:09 PM Lance Albertson wrote:
>>
>>> Here's the latest report from last week. Looks like all of those Apache
>>> reports were resolved on the golang host. However, I still see X Server
>>> ports on a few hosts along with NTP ports.
>>>
>>> Any updates on getting the CI fixed on those JDK hosts so they don't
>>> leave the X server port open to the internet?
>>>
>>> Thanks-
>>>
>>> On Thu, Oct 7, 2021 at 10:14 AM Lance Albertson wrote:
>>>
>>>> I haven't had a chance to look at the recent reports. I was waiting on
>>>> the report for this week to send an update but haven't gotten it yet. Once
>>>> I get the most recent report, I'll send an update. There hasn't been much
>>>> change in the past few weeks when I checked so I'm going to assume similar
>>>> findings.
>>>>
>>>> On Wed, Oct 6, 2021 at 11:27 PM Michael Felt wrote:
>>>>
>>>>> And, are we passing? I know a lot of work was being done - has that
>>>>> been effective?
>>>>> On 21/09/2021 21:09, Lance Albertson wrote:
>>>>>
>>>>> Here's the latest report we got yesterday. Can we please fix the NTP
>>>>> issue and the X Server issue soon please?
>>>>>
>>>>> Thanks!
>>>>>
>>>>> On Wed, Aug 25, 2021 at 1:57 AM Michael Felt wrote:
>>>>>
>>>>>> * per below, mariadb is fixed.
>>>>>> * in earlier convos, golang admins have indicated they will update the
>>>>>> HTTP software.
>>>>>> * I have opened a slack chat with ojdk infrastructure re: the active
>>>>>> port 6000. The jenkins user is starting the program /usr/bin/X11/X - if
>>>>>> it is needed for testing my proposal will be to block port 6000 on the
>>>>>> WAN interface (leaving it open on 127.0.0.1).
>>>>>>
>>>>>> On 25/08/2021 05:44, Daniel Black wrote:
>>>>>> > Opps, me looks up
>>>>>> >
>>>>>> > On Thu, Aug 19, 2021 at 6:44 AM Michael Felt <aixtools at felt.demon.nl> wrote:
>>>>>> >> If you don't need any of the inetd services - also stop the inetd process.
>>>>>> >>
>>>>>> >> # /usr/sbin/chrctcp -S -d inetd
>>>>>> >>
>>>>>> >
>>>>>> > On Wed, Aug 25, 2021 at 1:43 PM Daniel Black wrote:
>>>>>> >> On Wed, Aug 25, 2021 at 10:09 AM Lance Albertson wrote:
>>>>>> >>> All,
>>>>>> >>>
>>>>>> >>> Thanks for resolving the issues as reported last week. It looks like all of the ntp problems have been resolved! I've attached the report from yesterday so everyone can see.
>>>>>> >>>
>>>>>> >>> However we do have a few issues left that need to be fixed. It appears that rexecd is running again on p8-aix1-mariadb.osuosl.org. We need to make sure that service is either disabled always or at least blocked off.
>>>>>> >> Thanks Lance,
>>>>>> >>
>>>>>> >> Seems corrected - (thanks Michael?)
>>>>>> >>
>>>>>> >> root@p8-aix1-mariadb:[/root]egrep -v '^(#|$)' /etc/inetd.conf
>>>>>> >> daytime stream tcp nowait root internal
>>>>>> >> time stream tcp nowait root internal
>>>>>> >> daytime dgram udp wait root internal
>>>>>> >> time dgram udp wait root internal
>>>>>> >> xmquery dgram udp6 wait root /usr/bin/xmtopas xmtopas -p3
>>>>>> >> caa_cfg stream tcp6 nowait root /usr/sbin/clusterconf
>>>>>> >> clusterconf >>/var/adm/ras/clusterconf.log 2>&1
>>>>>> >>
>>>>>> >> root@p8-aix1-mariadb:[/root]grep exec /etc/inetd.conf
>>>>>> >> ## needs to be executed for inetd to re-read the inetd.conf file.
>>>>>> >> #exec stream tcp6 nowait root /usr/sbin/rexecd rexecd
>>>>>> >>
>>>>>> >> Is disabling inetd possible/recommended?
>>>>>> >>
>>>>>> >> Is commenting all /etc/inetd.conf service the right way?
>>>>>> >>
>>>>>> >> Is disabling /etc/rc.tcpip to disable inetd and others sane?
>>>>>> >>
>>>>>> >> https://www.ibm.com/docs/en/aix/7.1?topic=files-rctcpip-file-tcpip
>>>>>> >>
>>>>>> >>> I'll check back on this next week to see any progress.
>>>>>> --
>>>>>> ibm-aix-ibmi-hosting mailing list
>>>>>> ibm-aix-ibmi-hosting at osuosl.org
>>>>>> https://lists.osuosl.org/mailman/listinfo/ibm-aix-ibmi-hosting
>>>>>
>>>>> --
>>>>> Lance Albertson
>>>>> Director
>>>>> Oregon State University | Open Source Lab

--
Lance Albertson
Director
Oregon State University | Open Source Lab
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: aix-2021-11-07.csv
Type: text/csv
Size: 3096 bytes
Desc: not available
URL:

From clement.chigot at atos.net Wed Nov 10 07:50:01 2021
From: clement.chigot at atos.net (CHIGOT, CLEMENT)
Date: Wed, 10 Nov 2021 07:50:01 +0000
Subject: [ibm-aix-ibmi-hosting] Recurring security scans - and actions to be taken.
In-Reply-To:
References: <2a17a4d1-e80e-bd11-ae1d-61b2fcf1f4ee@felt.demon.nl>
Message-ID:

The Golang should be good now. I've missed something last time.

Thanks,
Clément
________________________________
From: ibm-aix-ibmi-hosting on behalf of Lance Albertson
Sent: Wednesday, November 10, 2021 1:58 AM
To: ibm-aix-ibmi-hosting at osuosl.org
Subject: Re: [ibm-aix-ibmi-hosting] Recurring security scans - and actions to be taken.

Here's the report for this week.

Can we please have some progress on getting these addressed?

Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From aixtools at felt.demon.nl Wed Nov 10 13:34:54 2021
From: aixtools at felt.demon.nl (Michael Felt)
Date: Wed, 10 Nov 2021 14:34:54 +0100
Subject: [ibm-aix-ibmi-hosting] Recurring security scans - and actions to be taken.
In-Reply-To:
References: <2a17a4d1-e80e-bd11-ae1d-61b2fcf1f4ee@felt.demon.nl>
Message-ID: <3fd5453b-e735-a9dc-bc07-71e73cca94af@felt.demon.nl>

The NTP services have been re-visited and should be good now. Two of the
systems had been re-installed - and I have fixed the installation files, so
new installations do not start out bad.

The two X11 services are from some tests gone bad. The patch to prevent
listening on port 6000 has been merged - and we should not see that anymore.

The "TRACK and TRACE" by the golang apache server - I cannot fix. They
must address that themselves.

Michael

On 10/11/2021 01:58, Lance Albertson wrote:
> Here's the report for this week.
>
> Can we please have some progress on getting these addressed?
>
> Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From midawson at redhat.com Wed Nov 10 14:00:45 2021
From: midawson at redhat.com (Michael Dawson)
Date: Wed, 10 Nov 2021 09:00:45 -0500
Subject: [ibm-aix-ibmi-hosting] Recurring security scans - and actions to be taken.
In-Reply-To: <3fd5453b-e735-a9dc-bc07-71e73cca94af@felt.demon.nl>
References: <2a17a4d1-e80e-bd11-ae1d-61b2fcf1f4ee@felt.demon.nl> <3fd5453b-e735-a9dc-bc07-71e73cca94af@felt.demon.nl>
Message-ID:

Michael F, did you address the Node.js machine? I think that was due to the
re-install and that might be covered by your first point but want to be sure.

On Wed, Nov 10, 2021 at 8:35 AM Michael Felt wrote:

> The NTP services have been re-visited and should be good now. Two of the
> systems had been re-installed - and I have fixed the installation files, so
> new installations do not start out bad.
>
> The two X11 services are from some tests gone bad. The patch to prevent
> listening on port 6000 has been merged - and we should not see that anymore.
>
> The "TRACK and TRACE" by the golang apache server - I cannot fix. They
> must address that themselves.
>
> Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From lance at osuosl.org Wed Nov 10 18:38:14 2021
From: lance at osuosl.org (Lance Albertson)
Date: Wed, 10 Nov 2021 10:38:14 -0800
Subject: [ibm-aix-ibmi-hosting] Recurring security scans - and actions to be taken.
In-Reply-To:
References: <2a17a4d1-e80e-bd11-ae1d-61b2fcf1f4ee@felt.demon.nl>
Message-ID:

[For whatever reason I got a DMARC bounce for your reply but I saw your
reply in the bounce]

> From: "CHIGOT, CLEMENT"
> To: "ibm-aix-ibmi-hosting at osuosl.org"
> Cc:
> Bcc:
> Date: Wed, 10 Nov 2021 07:50:01 +0000
> Subject: Re: [ibm-aix-ibmi-hosting] Recurring security scans - and actions to be taken.
> The Golang should be good now. I've missed something last time.
>
> Thanks,
> Clément

Excellent! Thank you so much!

--
Lance Albertson
Director
Oregon State University | Open Source Lab
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From aixtools at xs4all.nl Wed Nov 10 14:02:35 2021
From: aixtools at xs4all.nl (Michael Felt)
Date: Wed, 10 Nov 2021 15:02:35 +0100 (CET)
Subject: [ibm-aix-ibmi-hosting] Recurring security scans - and actions to be taken.
In-Reply-To:
References: <2a17a4d1-e80e-bd11-ae1d-61b2fcf1f4ee@felt.demon.nl> <3fd5453b-e735-a9dc-bc07-71e73cca94af@felt.demon.nl>
Message-ID: <1081798579.6025.1636552955264@ox-webmail.xs4all.nl>

Yes, nodejs updated. Also the hostnames updated.

> On 11/10/2021 15:00 Michael Dawson wrote:
>
> Michael F, did you address the Node.js machine? I think that was due to the re-install and that might be covered by your first point but want to be sure.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From midawson at redhat.com Wed Nov 10 20:17:28 2021
From: midawson at redhat.com (Michael Dawson)
Date: Wed, 10 Nov 2021 15:17:28 -0500
Subject: [ibm-aix-ibmi-hosting] Recurring security scans - and actions to be taken.
In-Reply-To:
References: <2a17a4d1-e80e-bd11-ae1d-61b2fcf1f4ee@felt.demon.nl>
Message-ID:

Michael F thanks for confirming :)

On Wed, Nov 10, 2021 at 1:38 PM Lance Albertson wrote:

> [For whatever reason I got a DMARC bounce for your reply but I saw your
> reply in the bounce]
>
> > From: "CHIGOT, CLEMENT"
> > To: "ibm-aix-ibmi-hosting at osuosl.org"
> > Cc:
> > Bcc:
> > Date: Wed, 10 Nov 2021 07:50:01 +0000
> > Subject: Re: [ibm-aix-ibmi-hosting] Recurring security scans - and
> actions to be taken.
> > The Golang should be good now. I've missed something last time.
> >
> > Thanks,
> > Clément
>
> Excellent! Thank you so much!
>
> --
> Lance Albertson
> Director
> Oregon State University | Open Source Lab
> --
> ibm-aix-ibmi-hosting mailing list
> ibm-aix-ibmi-hosting at osuosl.org
> https://lists.osuosl.org/mailman/listinfo/ibm-aix-ibmi-hosting
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
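
The manual check quoted in the thread (list the active /etc/inetd.conf entries and confirm the exec/rexecd line is commented out) can be scripted so that a reinstalled host with rexecd back on is caught before the next scan. This is an added example, not code from the thread or from any project mentioned in it; the deny list, the function names and the sample file are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit an AIX-style inetd.conf so that
# a reinstalled host with rexecd re-enabled is caught before the next scan.
# DENY_SERVERS is an assumed site policy; adjust it to local requirements.
DENY_SERVERS="rexecd rshd rlogind telnetd ftpd tftpd"

# Print "service protocol server" for each active (uncommented) entry.
# Entry fields: name, socket type, protocol, wait/nowait, user, server, args.
inetd_active() {
    awk 'NF >= 6 && $1 !~ /^#/ { print $1, $3, $6 }' "$1"
}

# Print the active entries whose server binary is on the deny list.
# Exit status: 0 = none enabled, 1 = at least one denied service is enabled.
inetd_denied() {
    inetd_active "$1" | awk -v deny="$DENY_SERVERS" '
        BEGIN { n = split(deny, d, " "); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
        {
            m = split($3, parts, "/")          # basename of the server path
            if (parts[m] in bad) { print; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Emit a copy of the file with denied entries commented out; every other
# line passes through untouched. Review the output before installing it.
inetd_harden() {
    awk -v deny="$DENY_SERVERS" '
        BEGIN { n = split(deny, d, " "); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
        NF >= 6 && $1 !~ /^#/ {
            m = split($6, parts, "/")
            if (parts[m] in bad) { print "#" $0; next }
        }
        { print }
    ' "$1"
}

# Constructed sample: the entries listed in the thread, but with the exec
# line left enabled, as a freshly reinstalled host might have it.
sample_dir="${TMPDIR:-/tmp}/inetd-audit.$$"
mkdir -p "$sample_dir"
cat > "$sample_dir/inetd.conf" <<'EOF'
## constructed sample, modelled on the listing in the thread
daytime stream  tcp     nowait  root    internal
time    stream  tcp     nowait  root    internal
daytime dgram   udp     wait    root    internal
time    dgram   udp     wait    root    internal
xmquery dgram   udp6    wait    root    /usr/bin/xmtopas xmtopas -p3
caa_cfg stream  tcp6    nowait  root    /usr/sbin/clusterconf clusterconf >>/var/adm/ras/clusterconf.log 2>&1
exec    stream  tcp6    nowait  root    /usr/sbin/rexecd rexecd
#login  stream  tcp6    nowait  root    /usr/sbin/rlogind rlogind
EOF

inetd_harden "$sample_dir/inetd.conf" > "$sample_dir/inetd.conf.hardened"

# Report on the sample before and after hardening.
for f in inetd.conf inetd.conf.hardened; do
    if hits=$(inetd_denied "$sample_dir/$f"); then
        echo "$f: no denied services enabled"
    else
        echo "$f: denied service enabled: $hits"
    fi
done
```

On a real host, point `inetd_denied` at /etc/inetd.conf from the install or CI pipeline and fail the run on a non-zero exit status; inetd only picks up an edited file after it is told to re-read it.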