Opened 3 years ago

Closed 3 years ago

#2627 closed task (fixed)

backup.osogeo.osuosl.org security remediation

Reported by: robe
Owned by: sac@…
Priority: normal
Milestone: Sysadmin Contract 2021-II
Component: SysAdmin
Keywords:
Cc:

Description

Block port 25 outgoing. Not sure why this is exposed at all, but the Nessus report noted it. It really doesn't need to be exposed to send mail, and I assume it's not used except for admin messages.

Change History (1)

comment:1 by robe, 3 years ago

Resolution: fixed
Status: new → closed

Okay, port 25 doesn't appear to be open to the outside, so I think it's just within the osuosl.org network.

At any rate, I did change /etc/postfix/mail.cnf:

#smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtp_tls_exclude_ciphers = EXP, MEDIUM, LOW, DES, 3DES, SSLv2
smtpd_tls_exclude_ciphers = EXP, MEDIUM, LOW, DES, 3DES, SSLv2

tls_high_cipherlist = kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3D$
tls_medium_cipherlist = kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES

based on https://access.redhat.com/articles/1468593
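
A check a reviewer could run over the edited Postfix configuration text, as an added example that is not part of the ticket or of the project's own tooling: it confirms both exclude lists name the six classes quoted in the comment above and flags cipherlist elements that are not well-formed, such as one clipped at the edge of a terminal. The function names, the element pattern and the sample text are assumptions made for illustration.

```python
import re

# Weak cipher classes the ticket excludes for both the SMTP client and server.
REQUIRED_EXCLUDES = {"EXP", "MEDIUM", "LOW", "DES", "3DES", "SSLv2"}
# Assumption: a cipher-string element is an optional !, -, + or @ followed by
# names built from letters, digits, '-', '_', '.', '=' and joined with '+'.
ELEMENT_RE = re.compile(r"[!+\-@]?[A-Za-z0-9_.=\-]+(\+[A-Za-z0-9_.=\-]+)*")

def parse_main_cf(text):
    """Parse Postfix 'name = value' lines; '#' lines are comments and
    lines starting with whitespace continue the previous value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            last = name.strip()
            params[last] = value.strip()
    return params

def audit(text):
    """Return a list of findings for the TLS cipher parameters."""
    params, findings = parse_main_cf(text), []
    for name in ("smtp_tls_exclude_ciphers", "smtpd_tls_exclude_ciphers"):
        have = set(re.split(r"[,\s:]+", params.get(name, "")))
        missing = sorted(REQUIRED_EXCLUDES - have)
        if missing:
            findings.append(f"{name}: missing {', '.join(missing)}")
    for name in ("tls_high_cipherlist", "tls_medium_cipherlist"):
        for element in re.split(r"[:,\s]+", params.get(name, "")):
            if element and not ELEMENT_RE.fullmatch(element):
                findings.append(f"{name}: malformed element {element!r}")
    return findings

# Constructed sample: the server list lacks 3DES and the high list is clipped.
SAMPLE = """\
#smtpd_tls_exclude_ciphers = aNULL, eNULL
smtp_tls_exclude_ciphers = EXP, MEDIUM, LOW, DES, 3DES, SSLv2
smtpd_tls_exclude_ciphers = EXP, MEDIUM, LOW, DES, SSLv2
tls_high_cipherlist = kEECDH:+kEECDH+SHA:!aNULL:!eNULL:!3D$
tls_medium_cipherlist = kEECDH:kRSA:!aNULL:!eNULL:!3DES
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty list from `audit()` means both exclude lists are complete and every cipherlist element parsed cleanly; it does not show which ciphers the local OpenSSL build actually negotiates.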
