Knowledge Base

Questions

0

Documented reference for "Partition Mounting Weakness"?

The "Partition Mounting Weakness" check often detects that certain Linux partitions have been mounted without the "nodev" option; however, the check provides no references. What standard/best-practice/guideline is used as a basis for this recommendation? For example, CIS Benchmarks for Distribution Independent Linux (2017), Debian 8 (2016), and Ubuntu 16.04 (2017), all recommend setting the "nodev" mount option for /tmp, /var/tmp, and /home, but make no mention of /run despite the /run partition being rolled out to most Linux distros back in 2011 -- ample time for CIS to have added the recommendation if the group deemed it important. I understand the security rationale for the recommendation (good related explanations can be found on Stack Exchange (https://unix.stackexchange.com/questions/188601/why-is-nodev-in-etc-fstab-so-important-how-can-character-devices-be-used-for) and SuperUser (https://superuser.com/questions/538550/understanding-mount-option-nodev-and-its-use-with-usb-flash-drives)), and believe the recommendation is a good idea. I appreciate Rapid7 making its own recommendations on security settings rather than simply relying on so-called "best-practice" documents made by others, but the lack of any references which might indicate an industry-wide acceptance for such a setting, combined with the necessary accompanying usability testing that would make such a recommendation feel "safe" for an admin to test on their own, creates a feeling of distrust toward InsightVM.

Posted by Hugh Jarse 5 months ago

0

Why is my new Nexpose Scan engine attempting to make outbound SSH connections?

Why is my new Nexpose Scan engine attempting to make outbound SSH connections? Please note this is happening with a fresh clean copy of the OVA downloaded from Rapid7's own website. It started immediately after setup of the network settings and the appliance was rebooted. No settings other than network configuration had been set. What is happening is the SSHD service on the Ubuntu OVA is causing 15 to 30 percent CPU utilization. The SSHD service is not doing it by itself mind you, but it is causing the journal and logging processes to contribute to this. I have three other scan engines that were set up that are not doing this. Does anyone have an idea of how to make this stop without setting up the VM again?

Sample Log Lines:

Jun 3 05:44:57 nexpose sshd[44483]: fatal: Unable to negotiate with XXX.XXX.251.47 port 54417: no matching cipher found. Their offer: aes256-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,rijndael192-cbc,aes128-cbc,rijndael128-cbc,blowfish-cbc,3des-cbc [preauth]
Jun 3 05:44:57 nexpose sshd[44485]: fatal: Unable to negotiate with XXX.XXX.250.82 port 65479: no matching cipher found. Their offer: aes256-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,rijndael192-cbc,aes128-cbc,rijndael128-cbc,blowfish-cbc,3des-cbc [preauth]
Jun 3 05:44:57 nexpose sshd[44487]: fatal: Unable to negotiate with XXX.XXX.251.50 port 51997: no matching cipher found. Their offer: aes256-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,rijndael192-cbc,aes128-cbc,rijndael128-cbc,blowfish-cbc,3des-cbc [preauth]
Jun 3 05:44:57 nexpose sshd[44489]: fatal: Unable to negotiate with XXX.XXX.251.52 port 62033: no matching cipher found. Their offer: aes256-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,rijndael192-cbc,aes128-cbc,rijndael128-cbc,blowfish-cbc,3des-cbc [preauth]
Jun 3 05:44:57 nexpose sshd[44490]: fatal: Unable to negotiate with XXX.XXX.248.138 port 65069: no matching cipher found. Their offer: aes256-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,rijndael192-cbc,aes128-cbc,rijndael128-cbc,blowfish-cbc,3des-cbc [preauth]

Posted by Noel Torres 5 months ago
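
An added example, not part of the original post and not Rapid7's code: a small Python parser for sshd `Unable to negotiate` lines in the format quoted above. It counts failures per peer address as recorded by sshd and lists peers whose cipher offers were CBC-only. The sample lines, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the format quoted in the post; the addresses are
# documentation-range placeholders, not values from the page.
SAMPLE_LOG = """\
Jun  3 05:44:57 nexpose sshd[44483]: fatal: Unable to negotiate with 192.0.2.47 port 54417: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-cbc,3des-cbc [preauth]
Jun  3 05:44:57 nexpose sshd[44485]: fatal: Unable to negotiate with 192.0.2.82 port 65479: no matching cipher found. Their offer: aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc [preauth]
Jun  3 05:44:58 nexpose sshd[44487]: fatal: Unable to negotiate with 192.0.2.47 port 51997: no matching cipher found. Their offer: aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc [preauth]
Jun  3 05:45:01 nexpose sshd[44491]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
Jun  3 05:45:02 nexpose sshd[44495]: fatal: Unable to negotiate with 192.0.2.90 port 40100: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
"""

# sshd reports which algorithm class failed (cipher, MAC, key exchange method,
# host key type) followed by the comma-separated list the peer offered.
NEGOTIATE_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?:fatal: )?Unable to negotiate with "
    r"(?P<peer>\S+) port (?P<port>\d+): no matching (?P<kind>.+?) found\. "
    r"Their offer: (?P<offer>\S+)"
)

def parse_failures(text):
    """Return one dict per failed negotiation; unrelated lines are skipped."""
    failures = []
    for line in text.splitlines():
        m = NEGOTIATE_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["offer"] = rec["offer"].split(",")
            failures.append(rec)
    return failures

def failures_per_peer(failures):
    """Count failed negotiations per peer address."""
    return Counter(f["peer"] for f in failures)

def cbc_only_peers(failures):
    """Peers whose every failed cipher offer contained only CBC-mode ciphers."""
    by_peer = defaultdict(list)
    for f in failures:
        if f["kind"] == "cipher":
            # Strip vendor suffixes such as "@lysator.liu.se" before checking.
            by_peer[f["peer"]].append(
                all(c.split("@")[0].endswith("-cbc") for c in f["offer"]))
    return sorted(p for p, flags in by_peer.items() if all(flags))

if __name__ == "__main__":
    parsed = parse_failures(SAMPLE_LOG)
    for peer, n in failures_per_peer(parsed).most_common():
        print(f"{peer}\t{n} failed negotiations")
    print("CBC-only peers:", ", ".join(cbc_only_peers(parsed)))
```
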