[root@localhost etc]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@localhost etc]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
[root@localhost etc]# rpm -q webmin
webmin-1.831-1.noarch
Nessus flagged the following finding against Webmin:
SSL Medium Strength Cipher Suites Supported
Description: The remote host supports the use of SSL ciphers that offer medium
strength encryption. Nessus regards medium strength as any encryption
that uses key lengths at least 64 bits and less than 112 bits, or else
that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength
encryption if the attacker is on the same physical network.
This finding means the server still accepts cipher suites whose key length is too short, and it recommends not using 3DES.
Since the scanner reported it on port 10000, the fix is applied to Webmin.
1. Change the setting in Webmin
Method 1
Path: Webmin --> Webmin Configuration --> SSL Encryption
Under Allowed SSL ciphers, select Listed ciphers
and enter the following cipher list:
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
Method 2
Path: Webmin --> Webmin Configuration --> SSL Encryption
Under Allowed SSL ciphers, select Only strong PCI-compliant ciphers and save.
Then run vi /etc/webmin/miniserv.conf and locate the line:
ssl_cipher_list=ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:RC4:HIGH:MEDIUM:+TLSv1:+TLSv1.1:+TLSv1.2:!MD5:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!AESGCM
Change it to:
ssl_cipher_list=ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS