VA Findings on NLS

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
azreenariff
Posts: 49
Joined: Tue Aug 21, 2018 7:58 am

VA Findings on NLS

Post by azreenariff »

Dear Support,

We have Nagios Log Server 2.1.10

Our client performed a VA scan on the NLS and produced VA findings like below:

1. HTTP TRACE / TRACK Methods Allowed - Debugging functions are enabled on the remote web server. - Disable these HTTP methods. - CVE-2003-1567,CVE-2004-2320,CVE-2010-0386
2. JQuery 1.2 < 3.5.0 Multiple XSS - The remote web server is affected by multiple cross-site scripting vulnerabilities. - Upgrade to JQuery version 3.5.0 or later. - CVE-2020-11022,CVE-2020-11023

We need your advice on how we can resolve this to clear the VA finding.

Appreciate your kind support.

ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: VA Findings on NLS

Post by ssax »

What OS/version are you running?

uname -a
cat /etc/*release

Do you have the scan file? Please PM me what the scan detected in its entirety so I can see how it is detecting it and the endpoints it is seeing.

Make sure this is done first:

https://assets.nagios.com/downloads/nag ... Server.pdf

Then you can harden your apache following this guide:
- NOTE: I tested these out briefly on my Log Server system and it didn't seem to cause any issues; if you see any issues, let us know.

https://geekflare.com/apache-web-server ... -security/

Follow these sections:
- Remove Server Version Banner
- Disable Trace HTTP Request
- SSL Cipher
- Disable SSL v2 & v3

Edit your /etc/php.ini and set/change this:

expose_php = Off

Once you're done, restart apache, and then scan it again:

systemctl restart httpd

If running EL8+ (RHEL 8+, CENT 8+, ORACLE 8+, etc), do this as well:

systemctl restart php-fpm

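An added verification script (not from this thread or from Nagios) for two of the items in the post above: it checks captured response headers for a TRACE request that is still served and for a leaked Apache/PHP version banner. The sample header blocks are constructed and HOST in the curl lines is a placeholder.

```shell
#!/bin/sh
# Added example (not from this thread or from Nagios): an offline check for two items in the
# hardening list above, disabled TRACE and a hidden Apache/PHP version banner. It reads the raw
# response headers of a TRACE request and of a normal GET and reports which findings remain.
# Assumes POSIX sh with grep/head/cut/tr; HOST in the curl lines at the end is a placeholder.

# trace_disabled RESPONSE -> 0 when the server refused TRACE (TraceEnable off answers 405), 1 when it served it
trace_disabled() {
    status=$(printf '%s\n' "$1" | head -n 1 | tr -d '\r' | cut -d' ' -f2)
    case "$status" in
        2??) return 1 ;;   # 2xx: the request was echoed back, finding still present
        *)   return 0 ;;
    esac
}

# banner_hidden RESPONSE -> 0 when Server: carries no version (ServerTokens Prod) and there is
# no X-Powered-By header (expose_php = Off), 1 otherwise
banner_hidden() {
    hdrs=$(printf '%s\n' "$1" | tr -d '\r')
    printf '%s\n' "$hdrs" | grep -qi '^Server:.*[0-9]\.[0-9]' && return 1
    printf '%s\n' "$hdrs" | grep -qi '^X-Powered-By:' && return 1
    return 0
}

# va_report TRACE_RESPONSE GET_RESPONSE -> one line per remaining finding; return code = number of findings
va_report() {
    count=0
    trace_disabled "$1" || { echo "FINDING: TRACE still served (set TraceEnable off)"; count=$((count + 1)); }
    banner_hidden "$2" || { echo "FINDING: version banner exposed (ServerTokens Prod, expose_php = Off)"; count=$((count + 1)); }
    return "$count"
}

# Constructed sample header blocks: a typical unhardened answer, and the same host after the guide.
BEFORE_TRACE='HTTP/1.1 200 OK
Server: Apache/2.4.37 (Red Hat Enterprise Linux)
Content-Type: message/http'
BEFORE_GET='HTTP/1.1 200 OK
Server: Apache/2.4.37 (Red Hat Enterprise Linux)
X-Powered-By: PHP/7.2.24
Content-Type: text/html; charset=UTF-8'
AFTER_TRACE='HTTP/1.1 405 Method Not Allowed
Server: Apache
Allow: GET,HEAD,POST,OPTIONS'
AFTER_GET='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8'

# Against a live NLS host, capture both blocks with curl and feed them to the report:
#   va_report "$(curl -sk -X TRACE -D - -o /dev/null https://HOST/)" \
#             "$(curl -sk -D - -o /dev/null https://HOST/nagioslogserver/)"
```

Run the report again after `systemctl restart httpd` (and `php-fpm` on EL8) so the check sees the reloaded configuration.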
azreenariff
Posts: 49
Joined: Tue Aug 21, 2018 7:58 am

Re: VA Findings on NLS

Post by azreenariff »

Hi ssax,

Thank you for your kind support.

The OS/Version is as below:

[root@server ~]# uname -a
Linux server 4.18.0-348.2.1.el8_5.x86_64 #1 SMP Mon Nov 8 13:30:15 EST 2021 x86_64 x86_64 x86_64 GNU/Linux
[root@server ~]# cat /etc/*release
NAME="Red Hat Enterprise Linux"
VERSION="8.5 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.5 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/8/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.5
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.5"
Red Hat Enterprise Linux release 8.5 (Ootpa)
Red Hat Enterprise Linux release 8.5 (Ootpa)

Our client only provided us with those 2 detections and we don't have any scan files. For now, I will just perform the Disable HTTP Trace Request step as they reported and let them scan again.

Is there any update regarding the JQuery > 3.5.0 version with NLS? Any possibility for the next release or still unknown?
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: VA Findings on NLS

Post by ssax »

I've reported the jquery stuff to QA/development as well, they said they are going to try to get jquery updated for the upcoming 2.1.12.

azreenariff
Posts: 49
Joined: Tue Aug 21, 2018 7:58 am

Re: VA Findings on NLS

Post by azreenariff »

That's great! Thank you so much for your kind support.

ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: VA Findings on NLS

Post by ssax »

No problem, they said they are also updating the NCPA package installed on the system, which has the older jquery.