From lance at osuosl.org Mon Dec 20 20:46:42 2021 From: lance at osuosl.org (Lance Albertson) Date: Mon, 20 Dec 2021 12:46:42 -0800 Subject: [ibm-aix-ibmi-hosting] Recurring security scans - and actions to be taken. In-Reply-To: References: <2a17a4d1-e80e-bd11-ae1d-61b2fcf1f4ee@felt.demon.nl> <001b01d7e06f$013744f0$03a5ced0$@xs4all.nl> Message-ID: Attached is the latest report which contains some "new" issues based on the renames we did recently. Can you please address those? Thanks- On Mon, Dec 6, 2021 at 10:55 AM Lance Albertson wrote: > Report from this week. Can we please get the rexecd and telnet fixed ASAP? > > Attached is the latest report. > > On Mon, Nov 29, 2021 at 12:59 PM Lance Albertson wrote: > >> Here is the latest report. >> >> Thanks- >> >> On Tue, Nov 23, 2021 at 5:43 AM Michael Felt wrote: >> >>> I stopped the inetd serves on all the servers. >>> >>> >>> >>> The changes are not permanent ? they will go active on next reboot. >>> >>> >>> >>> However, I shall work on getting these permanent ? and also in the >>> install procedures so they do not re-appear after a system refresh. >>> >>> >>> >>> Michael >>> >>> >>> >>> *From:* ibm-aix-ibmi-hosting *On >>> Behalf Of *Lance Albertson >>> *Sent:* Monday, 22 November 2021 22:00 >>> *To:* ibm-aix-ibmi-hosting at osuosl.org >>> *Subject:* Re: [ibm-aix-ibmi-hosting] Recurring security scans - and >>> actions to be taken. >>> >>> >>> >>> Looks like a few got resolved in the past week. Can we please get the >>> others this week? Please see attached. >>> >>> >>> >>> Thanks! >>> >>> >>> >>> On Mon, Nov 15, 2021 at 3:02 PM Lance Albertson >>> wrote: >>> >>> Report for this week is attached. Looks like all of the new java1 >>> instances have some issues, most serious of which being the rexecd service >>> is running. >>> >>> >>> >>> Can you please get these addressed ASAP? >>> >>> >>> >>> Thanks- >>> >>> >>> >>> -- >>> >>> Lance Albertson >>> >>> Director >>> >>> Oregon State University | Open Source Lab >>> >>> >>> >>> >>> -- >>> >>> Lance Albertson >>> >>> Director >>> >>> Oregon State University | Open Source Lab >>> -- >>> ibm-aix-ibmi-hosting mailing list >>> ibm-aix-ibmi-hosting at osuosl.org >>> https://lists.osuosl.org/mailman/listinfo/ibm-aix-ibmi-hosting >>> >> >> >> -- >> Lance Albertson >> Director >> Oregon State University | Open Source Lab >> > > > -- > Lance Albertson > Director > Oregon State University | Open Source Lab > -- Lance Albertson Director Oregon State University | Open Source Lab -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: aix-2021-12-19.csv Type: text/csv Size: 28287 bytes Desc: not available URL: From aixtools at felt.demon.nl Wed Dec 22 10:44:52 2021 From: aixtools at felt.demon.nl (Michael Felt) Date: Wed, 22 Dec 2021 11:44:52 +0100 Subject: [ibm-aix-ibmi-hosting] Recurring security scans - and actions to be taken. In-Reply-To: References: <001b01d7e06f$013744f0$03a5ced0$@xs4all.nl> Message-ID: The first two lines, and last line were from a hung process (adopt02 and adopt04, adopt05) - a process to test connections with X11 frame based (Xfb) functionality. It is an empty process - other than accepting connections (afaik). These are not suppossed to happen (the jenkins ci scripts are suppossed to detect these stray processes at both start and finish). The systems adopt07 and adopt08 are new installs - and the first to be testing jdk17 builds. Not sure what else is going on, but I'll look into that later. Likewise, the ibm0X systems are new installs. I'll ask someone from IBM to take a look at the report. (@sej aka Sarah Jackson). Also, Sarah - are you and others using these systems subscribed to this mailing list? If not, please contact me directly to get that setup. Healthy Holidays Everyone!! Michael On 20/12/2021 21:46, Lance Albertson wrote: > Attached is the latest report which contains some "new" issues based > on the renames we did recently. Can you please address those? > > Thanks- > > On Mon, Dec 6, 2021 at 10:55 AM Lance Albertson wrote: > > Report from this week. Can we please get the rexecd and telnet > fixed ASAP? > > Attached is the latest report. > > On Mon, Nov 29, 2021 at 12:59 PM Lance Albertson > wrote: > > Here is the latest report. > > Thanks- > > On Tue, Nov 23, 2021 at 5:43 AM Michael Felt > wrote: > > I stopped the inetd serves on all the servers. > > The changes are not permanent ? they will go active on > next reboot. > > However, I shall work on getting these permanent ? and > also in the install procedures so they do not re-appear > after a system refresh. > > Michael > > *From:* ibm-aix-ibmi-hosting > *On Behalf Of > *Lance Albertson > *Sent:* Monday, 22 November 2021 22:00 > *To:* ibm-aix-ibmi-hosting at osuosl.org > *Subject:* Re: [ibm-aix-ibmi-hosting] Recurring security > scans - and actions to be taken. > > Looks like a few got resolved in the past week. Can we > please get the others this week? Please see?attached. > > Thanks! > > On Mon, Nov 15, 2021 at 3:02 PM Lance Albertson > wrote: > > Report for this week?is attached. Looks like all of > the new java1 instances have some issues, most serious > of which being the rexecd service is running. > > Can you please get these addressed ASAP? > > Thanks- > > -- > > Lance Albertson > > Director > > Oregon State University |?Open Source Lab > > > -- > > Lance Albertson > > Director > > Oregon State University |?Open Source Lab > > -- > ibm-aix-ibmi-hosting mailing list > ibm-aix-ibmi-hosting at osuosl.org > https://lists.osuosl.org/mailman/listinfo/ibm-aix-ibmi-hosting > > > > -- > Lance Albertson > Director > Oregon State University | Open Source Lab > > > > -- > Lance Albertson > Director > Oregon State University | Open Source Lab > > > > -- > Lance Albertson > Director > Oregon State University | Open Source Lab -------------- next part -------------- An HTML attachment was scrubbed... URL: From aixtools at felt.demon.nl Wed Dec 22 14:07:05 2021 From: aixtools at felt.demon.nl (Michael Felt) Date: Wed, 22 Dec 2021 15:07:05 +0100 Subject: [ibm-aix-ibmi-hosting] Recurring security scans - and actions to be taken. In-Reply-To: References: <001b01d7e06f$013744f0$03a5ced0$@xs4all.nl> Message-ID: I have stopped the `inetd` process on the ibm0X systems - that will stop any telnet, ftp, rexecd, etc. reactions. Further, the fileset responsible for port 9510 reports has been removed (that was the agent that would speak with now defunct platform systems managers (FSM/Director). Further, on the adopt systems I have manually found and killed the hung java processes with port 6000 still open. On 22/12/2021 11:44, Michael Felt wrote: > > The first two lines, and last line were from a hung process (adopt02 > and adopt04, adopt05) - a process to test connections with X11 frame > based (Xfb) functionality. It is an empty process - other than > accepting connections (afaik). These are not suppossed to happen (the > jenkins ci scripts are suppossed to detect these stray processes at > both start and finish). > > The systems adopt07 and adopt08 are new installs - and the first to be > testing jdk17 builds. Not sure what else is going on, but I'll look > into that later. > > Likewise, the ibm0X systems are new installs. I'll ask someone from > IBM to take a look at the report. (@sej aka Sarah Jackson). > > Also, Sarah - are you and others using these systems subscribed to > this mailing list? If not, please contact me directly to get that setup. > > Healthy Holidays Everyone!! > > Michael > > > On 20/12/2021 21:46, Lance Albertson wrote: >> Attached is the latest report which contains some "new" issues based >> on the renames we did recently. Can you please address those? >> >> Thanks- >> >> On Mon, Dec 6, 2021 at 10:55 AM Lance Albertson wrote: >> >> Report from this week. Can we please get the rexecd and telnet >> fixed ASAP? >> >> Attached is the latest report. >> >> On Mon, Nov 29, 2021 at 12:59 PM Lance Albertson >> wrote: >> >> Here is the latest report. >> >> Thanks- >> >> On Tue, Nov 23, 2021 at 5:43 AM Michael Felt >> wrote: >> >> I stopped the inetd serves on all the servers. >> >> The changes are not permanent ? they will go active on >> next reboot. >> >> However, I shall work on getting these permanent ? and >> also in the install procedures so they do not re-appear >> after a system refresh. >> >> Michael >> >> *From:* ibm-aix-ibmi-hosting >> *On Behalf Of >> *Lance Albertson >> *Sent:* Monday, 22 November 2021 22:00 >> *To:* ibm-aix-ibmi-hosting at osuosl.org >> *Subject:* Re: [ibm-aix-ibmi-hosting] Recurring security >> scans - and actions to be taken. >> >> Looks like a few got resolved in the past week. Can we >> please get the others this week? Please see?attached. >> >> Thanks! >> >> On Mon, Nov 15, 2021 at 3:02 PM Lance Albertson >> wrote: >> >> Report for this week?is attached. Looks like all of >> the new java1 instances have some issues, most >> serious of which being the rexecd service is running. >> >> Can you please get these addressed ASAP? >> >> Thanks- >> >> -- >> >> Lance Albertson >> >> Director >> >> Oregon State University |?Open Source Lab >> >> >> -- >> >> Lance Albertson >> >> Director >> >> Oregon State University |?Open Source Lab >> >> -- >> ibm-aix-ibmi-hosting mailing list >> ibm-aix-ibmi-hosting at osuosl.org >> https://lists.osuosl.org/mailman/listinfo/ibm-aix-ibmi-hosting >> >> >> >> -- >> Lance Albertson >> Director >> Oregon State University | Open Source Lab >> >> >> >> -- >> Lance Albertson >> Director >> Oregon State University | Open Source Lab >> >> >> >> -- >> Lance Albertson >> Director >> Oregon State University | Open Source Lab > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lance at osuosl.org Wed Dec 22 18:03:41 2021 From: lance at osuosl.org (Lance Albertson) Date: Wed, 22 Dec 2021 10:03:41 -0800 Subject: [ibm-aix-ibmi-hosting] Recurring security scans - and actions to be taken. In-Reply-To: References: <001b01d7e06f$013744f0$03a5ced0$@xs4all.nl> Message-ID: On Wed, Dec 22, 2021 at 2:45 AM Michael Felt wrote: > The first two lines, and last line were from a hung process (adopt02 and > adopt04, adopt05) - a process to test connections with X11 frame based > (Xfb) functionality. It is an empty process - other than accepting > connections (afaik). These are not suppossed to happen (the jenkins ci > scripts are suppossed to detect these stray processes at both start and > finish). > Is this PR [1] still related to this? If so, it should get merged in soon. [1] https://github.com/adoptium/aqa-tests/pull/2831 > The systems adopt07 and adopt08 are new installs - and the first to be > testing jdk17 builds. Not sure what else is going on, but I'll look into > that later. > > Likewise, the ibm0X systems are new installs. I'll ask someone from IBM to > take a look at the report. (@sej aka Sarah Jackson). > Is there something you can add to your new installation procedure to ensure all of these services are disabled/off? This keeps happening and it'd be nice if they were clean right off the bat. > Also, Sarah - are you and others using these systems subscribed to this > mailing list? If not, please contact me directly to get that setup. > I just added Sarah. Please let me know who else should be on the list that you've recently created new LPARs for. > Healthy Holidays Everyone!! > > Michael > You as well! -- Lance Albertson Director Oregon State University | Open Source Lab -------------- next part -------------- An HTML attachment was scrubbed... URL: From aixtools at felt.demon.nl Wed Dec 22 21:47:52 2021 From: aixtools at felt.demon.nl (Michael Felt) Date: Wed, 22 Dec 2021 22:47:52 +0100 Subject: [ibm-aix-ibmi-hosting] Recurring security scans - and actions to be taken. In-Reply-To: References: <001b01d7e06f$013744f0$03a5ced0$@xs4all.nl> , Message-ID: <3CFAF3F2-157B-B940-BF77-8DF50AFAF1F4@hxcore.ol> An HTML attachment was scrubbed... URL: