Vulnerability Scan Findings

Scanner: Nessus; scan type: Basic Network Scan

1. NFS Exported Share Information Disclosure

```
Description
At least one of the NFS shares exported by the remote server could be mounted by the scanning host. An attacker may be able to leverage this to read (and possibly write) files on remote host.
Solution
Configure NFS on the remote host so that only authorized hosts can mount its remote shares.
Output
The following NFS shares could be mounted :

  • /root/nfs/geoserver_config
```

Before the change (both shares exported to every host via `*`):

```
[root@localhost nfs]# cat /etc/exports
/root/nfs/storage *(rw,sync,no_root_squash)
/root/nfs/geoserver_config *(rw,sync,no_root_squash)
```

After the change (only the listed client IPs may mount):

```
[root@localhost nfs]# showmount -e
Export list for localhost.localdomain:
/root/nfs/geoserver_config 10.6.1.94,10.6.1.93,10.6.1.92,10.6.1.74,10.6.1.73,10.6.1.44,10.6.1.43
/root/nfs/storage          10.6.1.94,10.6.1.93,10.6.1.92,10.6.1.74,10.6.1.73,10.6.1.44,10.6.1.43
```

How it was changed

Edit the configuration file, replacing the `*` wildcard with one entry per authorized client:

```
[root@localhost nfs]# cat /etc/exports
/root/nfs/storage 10.6.1.43(rw,sync,no_root_squash) 10.6.1.44(rw,sync,no_root_squash) 10.6.1.73(rw,sync,no_root_squash) 10.6.1.74(rw,sync,no_root_squash) 10.6.1.92(rw,sync,no_root_squash) 10.6.1.93(rw,sync,no_root_squash) 10.6.1.94(rw,sync,no_root_squash)
/root/nfs/geoserver_config 10.6.1.43(rw,sync,no_root_squash) 10.6.1.44(rw,sync,no_root_squash) 10.6.1.73(rw,sync,no_root_squash) 10.6.1.74(rw,sync,no_root_squash) 10.6.1.92(rw,sync,no_root_squash) 10.6.1.93(rw,sync,no_root_squash) 10.6.1.94(rw,sync,no_root_squash)
```

Apply the new configuration (re-export everything in `/etc/exports` without restarting the NFS server):

```
exportfs -r
```
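As an added example (not code from the original post), a small Python checker that parses `exports(5)`-style text and reports shares exported to any host, which is the condition behind finding 1; it also lists entries that still grant `no_root_squash`, which the corrected file above keeps and is worth reviewing. The sample exports text is constructed from the before/after states shown above.

```python
"""Flag NFS exports that any host can mount (exports(5) format).

Added example, not part of the original post. Sample data below is
constructed from the before/after /etc/exports states shown above.
"""

# Constructed sample: the 'before' file, exported to every host ("*").
BEFORE = """\
# /etc/exports before the fix
/root/nfs/storage *(rw,sync,no_root_squash)
/root/nfs/geoserver_config *(rw,sync,no_root_squash)
"""

# Constructed sample: the 'after' file, restricted to explicit client IPs.
AFTER = """\
/root/nfs/storage 10.6.1.43(rw,sync,no_root_squash) 10.6.1.44(rw,sync,no_root_squash)
/root/nfs/geoserver_config 10.6.1.43(rw,sync,no_root_squash) \\
    10.6.1.44(rw,sync,no_root_squash)
"""


def parse_exports(text):
    """Return {path: [(client, [option, ...]), ...]} from exports(5) text."""
    exports = {}
    text = text.replace("\\\n", " ")  # join backslash line continuations
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        entries = []
        # A path with no client list, and a bare "(opts)" token, both mean "*".
        for tok in clients or ["*"]:
            client, _, rest = tok.partition("(")
            opts = [o for o in rest.rstrip(")").split(",") if o] if rest else []
            entries.append((client or "*", opts))
        exports[path] = entries
    return exports


def world_mountable(exports):
    """Paths mountable from any host: the condition behind the Nessus finding."""
    return sorted(path for path, entries in exports.items()
                  if any(c == "*" or c.endswith("/0") for c, _ in entries))


def root_squash_disabled(exports):
    """(path, client) pairs granting no_root_squash; review even when host-restricted."""
    return sorted((path, c) for path, entries in exports.items()
                  for c, opts in entries if "no_root_squash" in opts)


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        ex = parse_exports(text)
        print(label, "world-mountable:", world_mountable(ex))
        print(label, "no_root_squash:", root_squash_disabled(ex))
```

Run it against the real file with `parse_exports(open("/etc/exports").read())` to confirm nothing is still exported to `*` after `exportfs -r`.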

2. MongoDB Service Without Authentication Detection

Enable auth by deploying MongoDB as described here:
Link: https://www.cnblogs.com/inclme/p/15829489.html

3. AMQP Cleartext Authentication

Description
The remote Advanced Message Queuing Protocol (AMQP) service supports one or more authentication mechanisms that allow credentials to be sent in the clear.
Solution
Disable cleartext authentication mechanisms in the AMQP configuration.

Modify the configuration file as described here:
Link: https://www.cnblogs.com/inclme/p/15831207.html

4. SSL Medium Strength Cipher Suites Supported (SWEET32)

Check which program is listening on the affected port:

```
[root@k8s-master1 ~]# netstat -tunlp | grep 80
tcp6       0      0 :::80                   :::*                    LISTEN      6154/traefik
tcp6       0      0 :::8080                 :::*                    LISTEN      6154/traefik
```

Change the TLS version settings for Traefik as described here:
Link: https://www.cnblogs.com/inclme/p/15843268.html

Posted @ 2025-01-02 09:41 by 小小青年