惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

酷 壳 – CoolShell
酷 壳 – CoolShell
H
Hacker News: Front Page
P
Palo Alto Networks Blog
T
ThreatConnect
Apple Machine Learning Research
Apple Machine Learning Research
博客园_首页
T
True Tiger Recordings
P
Privacy & Cybersecurity Law Blog
B
Blog
IT之家
IT之家
Last Week in AI
Last Week in AI
F
Full Disclosure
Hacker News: Ask HN
Hacker News: Ask HN
C
Comments on: Blog
Microsoft Azure Blog
Microsoft Azure Blog
C
Cybersecurity and Infrastructure Security Agency CISA
Microsoft Security Blog
Microsoft Security Blog
博客园 - 【当耐特】
N
News and Events Feed by Topic
NISL@THU
NISL@THU
腾讯CDC
雷峰网
雷峰网
Security Latest
Security Latest
李成银的技术随笔
M
Microsoft Research Blog - Microsoft Research
L
LangChain Blog
L
Lohrmann on Cybersecurity
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Check Point Blog
Y
Y Combinator Blog
Recent Announcements
Recent Announcements
博客园 - Franky
N
News | PayPal Newsroom
V
V2EX
A
About on SuperTechFans
The Register - Security
The Register - Security
月光博客
月光博客
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Google Online Security Blog
Google Online Security Blog
MyScale Blog
MyScale Blog
Cisco Talos Blog
Cisco Talos Blog
Vercel News
Vercel News
WordPress大学
WordPress大学
C
Cyber Attacks, Cyber Crime and Cyber Security
The Hacker News
The Hacker News
IntelliJ IDEA : IntelliJ IDEA – the Leading IDE for Professional Development in Java and Kotlin | The JetBrains Blog
IntelliJ IDEA : IntelliJ IDEA – the Leading IDE for Professional Development in Java and Kotlin | The JetBrains Blog
爱范儿
爱范儿
A
Arctic Wolf
L
LINUX DO - 最新话题
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More

博客园 - kunyashaw

基于langgraph的智能问答工作流 langgraph 基础使用(条件/循环/嵌套子图) vue3Crush以及对比vue2 渗透与常见服务配置 LangChain教程-4、构建简易智能 PPT 生成器 LangChain教程-3、Langchain进阶 LangChain教程-2、Langchain基础 LangChain教程-1、python基础 openclaw skill--一键生成项目宣讲介绍网页及长截图 openclaw新手skill推荐: openclaw-newbie-faq 用opencode和minimax给娃搭了一个raz学习站点 clawdbot(新名字:moltbot、OpenClaw)折腾过程 angualr基础 node基础 vue基础 某业务技术架构 堡垒机方案 linux常见软件的环境搭建 linux运维基础
漏洞治理
kunyashaw · 2023-06-25 · via 博客园 - kunyashaw

1、TLS问题

104743 - TLS 1.0 版协议检测
nginx使用配置选项: ssl_protocols  TLSv1.2 TLSv1.3
    
127907 - nginx 1.9.5 < 1.16.1 / 1.17.x < 1.17.3 Multiple Vulnerabilities
150154 - nginx 0.6.x < 1.20.1 1-Byte Memory Overwrite RCE
134220 - nginx < 1.17.7 Information Disclosure
升级nginx版本为1.21.1

2、ssl问题

57582 - SSL Self-Signed Certificate
51192 - SSL Certificate Cannot Be Trusted
104743 - TLS Version 1.0 Protocol Detection

443端口处理一下

3、请求方式限制

11213 - HTTP TRACE / TRACK Methods Allowed
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
104743 - TLS Version 1.0 Protocol Detection

所有server的location中加入限制:仅允许get、post请求
     server {
         listen       80;
         server_name  paytest.org.cn;
         rewrite ^(.*)$ https://$host$1 permanent;
         location / {
             limit_except GET POST {
                 deny  all;
             }
      }

在pve中设置了443端口允许访问的白名单

4、trace问题

11213 - HTTP TRACE / TRACK Methods Allowed

httpd的trace问题:
 vi /usr/local/apache/conf/httpd.conf
在尾部追加:TraceEnable off
重启httpd服务即可

5、TLS版本问题

104743 - TLS Version 1.0 Protocol Detection

# 原始配置
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 ;
# 修复配置
ssl_protocols TLSv1.2 TLSv1.3;

6、ssl算法问题

42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)

 iptables -I INPUT -p tcp --dport 5432  -s 124.17.5.0/24  -j ACCEPT

 在nginx.conf中修改ssl的算法:
  ssl_ciphers HIGH:!aNULL:!MD5:!DES:!3DES;

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。