Wednesday, June 30, 2021

FortiGate SSL VPN with LDAP authentication

Reference:

Add an LDAP server
Common Name Identifier: sAMAccountName
Distinguished Name: DC=mydomain,DC=com,DC=tw
Bind Type: Regular
Username: user1@mydomain.com.tw

Vulnerability remediation: Web Server HTTP Header Internal IP Disclosure

Reference:

Nessus vulnerability report
Web Server HTTP Header Internal IP Disclosure
Description
This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server.

There is a known issue with Microsoft IIS 4.0 doing this in its default configuration. This may also affect other web servers, web applications, web proxies, load balancers and through a variety of misconfigurations related to redirection.
Solution
Apply configuration suggested by vendor.
See Also
http://www.nessus.org/u?fe24f941
https://support.microsoft.com/en-us/help/218180
http://www.nessus.org/u?4eedfe2d

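Situation:
This host is an Nginx reverse proxy in front of an IIS web service.
I originally assumed this was an IIS problem, but scanning IIS directly did not find this vulnerability, so I concluded that it was an Nginx problem.

Solution:
Set the following in the Nginx config:
server_name  mydomain.com;
server_name_in_redirect on;

Restart the nginx service, then scan again to confirm the issue is fixed.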
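
The rescan can be complemented by checking the proxy's response headers for internal addresses. The following is an added example, not part of the original post: it scans a raw HTTP response head for non-public IPv4 addresses. The function names and the sample responses (including the address 192.168.10.25) are constructed for illustration.

```python
import ipaddress
import re

# Candidate dotted-quad IPv4 literals; validated with ipaddress below.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def parse_headers(raw_head):
    """Split a raw HTTP response head into (name, value) pairs."""
    lines = raw_head.replace("\r\n", "\n").split("\n")
    headers = []
    for line in lines[1:]:          # lines[0] is the status line
        if not line.strip():
            break                   # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers


def internal_ip_leaks(raw_head):
    """Return (header, ip) for every non-public IPv4 address in a header value."""
    leaks = []
    for name, value in parse_headers(raw_head):
        for candidate in IPV4_RE.findall(value):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue            # not a valid address, e.g. 999.1.1.1
            # is_private covers RFC 1918, loopback, link-local and other reserved ranges.
            if addr.is_private:
                leaks.append((name, candidate))
    return leaks


# Constructed sample responses (not captured from a real host).
BEFORE_FIX = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Server: nginx\r\n"
    "Location: http://192.168.10.25/app/\r\n"
    "Content-Length: 0\r\n\r\n"
)
AFTER_FIX = BEFORE_FIX.replace("192.168.10.25", "mydomain.com")

if __name__ == "__main__":
    for label, head in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(label, internal_ip_leaks(head))
```
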

Wednesday, June 23, 2021

Xwindow change default directory to home

Reference:

GNOME Desktop :-

  • Use gconftool-2 to make Open in Terminal start in ~/ or $HOME instead of ~/Desktop. This can be done per-user and the global default can also be changed.

    • As a user, run the following command to change the behavior immediately:
    $ gconftool-2 --set --type=bool /apps/nautilus-open-terminal/desktop_opens_home_dir true
    
    • As root, run the command below to set the default behavior, which will be sourced when new users first log in:
    # gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --set --type=bool /apps/nautilus-open-terminal/desktop_opens_home_dir true

Tuesday, June 22, 2021

kairosdb update Jquery to 3.5.0

Reference:

Vulnerabilities:
[MEDIUM]: JQuery 1.2 < 3.5.0 Multiple XSS

Solution:
Upgrade to JQuery version 3.5.0 or later.

Steps:
download jquery-3.5.0.min.js
mv /opt/kairosdb/webroot/js/jquery.1.9.0.min.js ~root/
upload jquery-3.5.0.min.js to /opt/kairosdb/webroot/js/

Monday, June 21, 2021

Disable SSH CBC Ciphers

Reference:

Edit these two files:
/etc/ssh/ssh_config
/etc/ssh/sshd_config

#disable CBC 2021.6.21
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160

restart sshd
systemctl restart sshd

LINE notify with powershell

  • Add LINE Notify to the group