Eliminating Security Vulnerabilities at PORT 22

Issue : Vulnerability Assessment and Penetration Testing (VAPT) reported security findings on PORT 22.

The vulnerabilities are listed below :

1. SSH Weak Algorithms Supported.
2. SSH Server CBC Mode Ciphers Enabled.
3. SSH Weak MAC Algorithms Enabled.
4. SSH Server CBC Mode Ciphers Enabled.

Solution : To address the vulnerabilities, log in as root and follow the steps below.

Step 1 : Go to the directory as below (/etc/ssh).

[Image: etcSSH]

Step 2 : Edit the sshd_config file as below.

[Image: sshdConf1]

Remove the weak ciphers arcfour256 and arcfour128, then save the file.

[Image: sshdConf2]

Step 3 : Re-scan the port for vulnerabilities and you will find the errors are eliminated now.
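
An added example, not part of the original post: a shell check that lists the weak entries on the Ciphers and MACs lines of an sshd_config-style file, covering the arcfour, CBC-mode and weak-MAC findings listed above. The function name weak_ssh_algos and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list weak algorithms that an
# sshd_config-style file enables on its Ciphers and MACs lines.

weak_ssh_algos() {
    # $1 = path to the config file; prints "directive:algorithm" per weak entry
    awk '
        tolower($1) == "ciphers" || tolower($1) == "macs" {
            kind = tolower($1)
            n = split($2, algo, ",")
            for (i = 1; i <= n; i++) {
                a = algo[i]
                # arcfour* is RC4; *-cbc covers the CBC mode ciphers finding
                if (kind == "ciphers" && (a ~ /^arcfour/ || a ~ /-cbc$/ || a ~ /-cbc@/))
                    print kind ":" a
                # MD5-based and 96-bit truncated MACs are the usual weak MAC hits
                if (kind == "macs" && (a ~ /md5/ || a ~ /-96$/ || a ~ /-96-etm@/))
                    print kind ":" a
            }
        }
    ' "$1"
}

# Constructed sample input, not taken from the page.
SSH_SAMPLE=$(mktemp)
cat > "$SSH_SAMPLE" <<'EOF'
Port 22
#Ciphers 3des-cbc
Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
MACs hmac-sha2-256,hmac-md5,hmac-sha1-96
EOF

weak_ssh_algos "$SSH_SAMPLE"
```

If a directive is absent, sshd falls back to its built-in defaults, so check the effective values with `sshd -T`. sshd has to be restarted or reloaded before an edited sshd_config takes effect.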

Cheers..!

Configuring Strong Ciphers on Linux OS

Security Vulnerabilities at IP

Environment Description:

OS – Oracle V 6.6
Weblogic Version – 12.2.1.0
Application Server IP : 192.168.0.132
Port : 8001

Soon after a Nessus scan, the security vulnerabilities below were detected for the above-mentioned IP and port.

1. SSL RC4 Cipher Suites Supported (Bar Mitzvah)
2. SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
3. SSL Medium Strength Cipher Suites Supported
4. SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)

This means that the enabled cipher suites use weak ciphers and need to be reconfigured with stronger ciphers.

Check the java version and validate the ciphers list.

Java version can be checked as below in terminal :

[Image: JavaVersion]

Next, check whether the ciphers to be added to the application server configuration are supported by this Java version. The link below contains more details on cipher suites.

http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider

Now, to add the ciphers in Oracle WebLogic Application Server, follow the steps below.

Step 1 : Go to the config folder (the directory structure may be different for different environments, but the configuration remains the same). For example, my directory structure is as below :

[Image: DirectoryWBL]

Step 2 : Take a backup of the config.xml file before editing it; it is a very important file that holds all of the application server configuration.

[Image: ConfigXMLBackup]

Step 3 : Edit config.xml file as below

[Image: CiphersConfigXML]

Step 4 : Save the config.xml file and restart the server.

Step 5 : Rescan the IP with either nmap or Nessus and you will find the vulnerabilities are eliminated now.
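
An added example, not part of the original post: a shell check that reads the cipher suites configured in a config.xml and tags each one with the scan finding its name would trigger. It assumes the suites are listed as `<ciphersuite>` elements inside the server's `<ssl>` block, one per line; the function name classify_suites, the server name and the suite list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): map each <ciphersuite> entry of a
# WebLogic config.xml to the scan finding it would trigger, by suite name.

classify_suites() {
    # $1 = path to config.xml; assumes one <ciphersuite> element per line
    sed -n 's:.*<ciphersuite>\(.*\)</ciphersuite>.*:\1:p' "$1" |
    while read -r suite; do
        case "$suite" in
            *_RC4_*)          echo "$suite RC4" ;;           # Bar Mitzvah
            *_3DES_*|*_DES_*) echo "$suite SWEET32" ;;       # 64-bit block ciphers
            *_EXPORT_*)       echo "$suite WEAK-EXPORT" ;;   # export-grade key sizes
            *_DHE_*)          echo "$suite LOGJAM-CHECK" ;;  # verify DH modulus > 1024 bits
            *)                echo "$suite ok" ;;
        esac
    done
}

# Constructed sample fragment; server name and suite list are illustrative.
WLS_SAMPLE=$(mktemp)
cat > "$WLS_SAMPLE" <<'EOF'
<server>
  <name>AdminServer</name>
  <ssl>
    <enabled>true</enabled>
    <ciphersuite>SSL_RSA_WITH_RC4_128_MD5</ciphersuite>
    <ciphersuite>SSL_RSA_WITH_3DES_EDE_CBC_SHA</ciphersuite>
    <ciphersuite>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
    <ciphersuite>TLS_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
    <ciphersuite>TLS_RSA_WITH_AES_256_CBC_SHA</ciphersuite>
    <listen-port>8001</listen-port>
  </ssl>
</server>
EOF

classify_suites "$WLS_SAMPLE"
```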

Note : I have added Advanced Encryption Standard (AES) cipher suites with 128 and 256 encryption; you can add stronger ciphers as per the security requirement.

Cheers..!

Issue while creating datasource on Weblogic Server

In WebLogic, adding a datasource to a cluster group sometimes fails with the following error, which might be due to the process limit on the database side.

WLS Console Error
==============

Caused by: java.lang.Throwable: Substituted for the exception oracle.net.ns.NetException which lacks a String contructor, original message – Got minus one from a read call
at oracle.net.ns.Packet.receive(Packet.java:314)
at oracle.net.ns.NSProtocolStream.negotiateConnection(NSProtocolStream.java:160)
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:264)
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1452)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:496)
at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:666)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:566)
at weblogic.jdbc.common.internal.ConnectionEnvFactory.makeConnection0(ConnectionEnvFactory.java:286)
at weblogic.jdbc.common.internal.ConnectionEnvFactory.access$000(ConnectionEnvFactory.java:20)
at weblogic.jdbc.common.internal.ConnectionEnvFactory$1.run(ConnectionEnvFactory.java:215)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.jdbc.common.internal.ConnectionEnvFactory.makeConnection(ConnectionEnvFactory.java:212)
at weblogic.jdbc.common.internal.ConnectionEnvFactory.setConnection(ConnectionEnvFactory.java:143)
at weblogic.jdbc.common.internal.JDBCResourceFactoryImpl.createResource(JDBCResourceFactoryImpl.java:185)
at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1356)
at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1272)
at weblogic.common.resourcepool.ResourcePoolImpl.start(ResourcePoolImpl.java:240)
at weblogic.jdbc.common.internal.ConnectionPool.doStart(ConnectionPool.java:1754)
at weblogic.jdbc.common.internal.ConnectionPool.start(ConnectionPool.java:239)
at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:614)
at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:475)
at weblogic.jdbc.module.JDBCModule.prepare(JDBCModule.java:344)

DB Error
==================

oracle@host02:/u01/app/db11g/product/11.2.0/dbhome_1/dbs >sqlplus / as sysdba

SQL*Plus: Release 11.2.0.3.0 Production on Thu Apr 6 08:21:02 2017

Copyright (c) 1982, 2011, Oracle. All rights reserved.

ERROR:
ORA-00020: maximum number of processes (150) exceeded

Validation Process
======================

List the number of processes running for the DB instance

oracle@host02:/practices/part1/practice12-02 >ps -auxf |grep orcl|wc -l
149
oracle@host02:/practices/part1/practice12-02

Check on DB level for limit
==========================
SQL> show parameter process scope=both;

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
aq_tm_processes                      integer     1
cell_offload_processing              boolean     TRUE
db_writer_processes                  integer     1
gcs_server_processes                 integer     0
global_txn_processes                 integer     1
job_queue_processes                  integer     1000
log_archive_max_processes            integer     4
processes                            integer     150
processor_group_name                 string
SQL>

WorkAround
================

Increase the number of processes at the DB level

SQL> alter system set processes=500 scope=spfile;

SQL> show parameter process;

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
aq_tm_processes                      integer     1
cell_offload_processing              boolean     TRUE
db_writer_processes                  integer     1
gcs_server_processes                 integer     0
global_txn_processes                 integer     1
job_queue_processes                  integer     1000
log_archive_max_processes            integer     4
processes                            integer     500
processor_group_name                 string
SQL>

Now try to re-enable the datasource on WebLogic.

MOS Article Reference
=================
“IO Error:Got minus one from a read call”: In the Diagnostic logs (Doc ID 1995125.1)