Upgrade Servidores Longinus - 2

Audit Report
Upgrade Servidores Longinus_2
Audited on November 4, 2022
Reported on November 4, 2022

Audit Report
1. Executive Summary
This report represents a security audit performed by InsightVM from Rapid7 LLC. It contains confidential information about the state of
your network. Access to this information by unauthorized personnel may allow them to compromise your network.
Site Name Start Time End Time Total Time Status
HN-INT-New Integration November 04, 2022 November 04, 2022 21 minutes Success
14:52, GMT 15:14, GMT
There is not enough historical data to display overall asset trend.
The audit was performed on 11 systems, 11 of which were found to be active and were scanned.
There were 25 vulnerabilities found during this scan. No critical vulnerabilities were found. Critical vulnerabilities require immediate
attention. They are relatively easy for attackers to exploit and may provide them with full control of the affected systems. 14
vulnerabilities were severe. Severe vulnerabilities are often harder to exploit and may not provide the same access to affected systems.
There were 11 moderate vulnerabilities discovered. These often provide information to attackers that may assist them in mounting
subsequent attacks on your network. These should also be fixed in a timely manner, but are not as urgent as the other vulnerabilities.
No critical vulnerabilities were found on any of the systems. 6 systems were found to have severe vulnerabilities. Moderate
vulnerabilities were found on 11 systems. No systems were free of vulnerabilities.
There were 11 occurrences of the unix-user-home-dir-mode vulnerability, making it the most common vulnerability. There were 12
vulnerability instances in the Network category, making it the most common vulnerability category.
Page 1
Audit Report
The certificate-common-name-mismatch vulnerability poses the highest risk to the organization with a risk score of 6,685. Risk scores
are based on the types and numbers of vulnerabilities on affected assets.
One operating system was identified during this scan.
There were 4 services found to be running during this scan.
The SNMP and SSH services were found on 11 systems, making them the most common services.
Page 2
Audit Report
2. Discovered Systems
Node Operating System Risk Aliases
192.168.105.92 Red Hat Enterprise Linux 8.6 2,368 •srvpockongapigtw.celtel.net
192.168.105.89 Red Hat Enterprise Linux 8.6 2,368 •srvpoclonginius08.celtel.net
192.168.105.90 Red Hat Enterprise Linux 8.6 2,368 •srvpoclonginus09.celtel.net
192.168.105.87 Red Hat Enterprise Linux 8.6 585 •srvpoclonginus06.celtel.net
Page 3
Audit Report
3. Discovered and Potential Vulnerabilities
3.1. Critical Vulnerabilities

No critical vulnerabilities were reported.
3.2. Severe Vulnerabilities
3.2.1. X.509 Certificate Subject CN Does Not Match the Entity Name (certificate-common-name-mismatch)
Description:
The subject common name (CN) field in the X.509 certificate does not match the name of the entity presenting the certificate.
Before issuing a certificate, a Certification Authority (CA) must check the identity of the entity requesting the certificate, as specified in
the CA's Certification Practice Statement (CPS). Thus, standard certificate validation procedures require the subject CN field of a
certificate to match the actual name of the entity presenting the certificate. For example, in a certificate presented by
"https://www.example.com/", the CN should be "www.example.com".
In order to detect and prevent active eavesdropping attacks, the validity of a certificate must be verified, or else an attacker could then
launch a man-in-the-middle attack and gain full control of the data stream. Of particular importance is the validity of the subject's CN,
that should match the name of the entity (hostname).
A CN mismatch most often occurs due to a configuration error, though it can also indicate that a man-in-the-middle attack is being
conducted.
Please note that this check may flag a false positive against servers that are properly configured using SNI.
Affected Nodes:
Affected Nodes: Additional Information:
192.168.105.84:10250 The subject common name found in the X.509 certificate does not seem to
match the scan target:Subject CN srvpoclonginus03@1655746219 does not
match target name specified in the site.Subject CN
srvpoclonginus03@1655746219 could not be resolved to an IP address via
DNS lookupSubject Alternative Name srvpoclonginus03 does not match target
name specified in the site.
match the scan target:Subject CN ds_agent does not match target name
specified in the site.Subject CN ds_agent could not be resolved to an IP
address via DNS lookup
Page 4
Audit Report

match the scan target:Subject CN srvpockongapigtw@1661794242 does not
srvpockongapigtw@1661794242 could not be resolved to an IP address via
DNS lookupSubject Alternative Name srvpockongapigtw does not match target
References:
None
Vulnerability Solution:
The subject's common name (CN) field in the X.509 certificate should be fixed to reflect the name of the entity presenting the certificate
(e.g., the hostname). This is done by generating a new certificate usually signed by a Certification Authority (CA) trusted by both the
client and server.
3.2.2. Untrusted TLS/SSL server X.509 certificate (tls-untrusted-ca)
Description:
The server's TLS/SSL certificate is signed by a Certification Authority (CA) that is not well-known or trusted. This could happen if: the
chain/intermediate certificate is missing, expired or has been revoked; the server hostname does not match that configured in the
certificate; the time/date is incorrect; or a self-signed certificate is being used. The use of a self-signed certificate is not recommended
Page 5
Audit Report
since it could indicate that a TLS/SSL man-in-the-middle attack is taking place
Affected Nodes:
192.168.105.84:10250 TLS/SSL certificate signed by unknown, untrusted CA: CN=srvpoclonginus03-

ca@1655746218 -- [Path does not chain with any of the trust anchors].
192.168.105.85:10250 TLS/SSL certificate signed by unknown, untrusted CA: CN=192.168.105.85-

192.168.105.89:4118 TLS/SSL certificate signed by unknown, untrusted CA: CN=ds_agent, O=Trend

Micro -- [Path does not chain with any of the trust anchors].





192.168.105.92:10250 TLS/SSL certificate signed by unknown, untrusted CA: CN=srvpockongapigtw-

References:
Source Reference
URL http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
URL http://nginx.org/en/docs/http/configuring_https_servers.html
URL https://support.microsoft.com/en-us/kb/954755
Ensure the common name (CN) reflects the name of the entity presenting the certificate (e.g., the hostname). If the certificate(s) or any
of the chain certificate(s) have expired or been revoked, obtain a new certificate from your Certificate Authority (CA) by following their
documentation. If a self-signed certificate is being used, consider obtaining a signed certificate from a CA.
References: Mozilla: Connection Untrusted ErrorSSLShopper: SSL Certificate Not Trusted ErrorWindows/IIS certificate chain config
Apache SSL configNginx SSL configWhat's My Chain Cert?
3.2.3. Self-signed TLS/SSL certificate (ssl-self-signed-certificate)
Description:
Page 6
Audit Report
The server's TLS/SSL certificate is self-signed. Self-signed certificates cannot be trusted by default, especially because TLS/SSL man-
in-the-middle attacks typically use self-signed certificates to eavesdrop on TLS/SSL connections.
Affected Nodes:
192.168.105.89:4118 TLS/SSL certificate is self-signed.
References:
None
Obtain a new TLS/SSL server certificate that is NOT self-signed and install it on the server. The exact instructions for obtaining a new
certificate depend on your organization's requirements. Generally, you will need to generate a certificate request and save the request
as a file. This file is then sent to a Certificate Authority (CA) for processing. Your organization may have its own internal Certificate
Authority. If not, you may have to pay for a certificate from a trusted external Certificate Authority, such as Thawte or Verisign.
3.3. Moderate Vulnerabilities
3.3.1. User home directory mode unsafe (unix-user-home-dir-mode)
Description:
A user's home directory was found to have a permission mode which is more permissive than 750 (Owner=READ/WRITE/EXECUTE,
Group=READ/EXECUTE, Other=NONE). "Group" or "Other" WRITE permissions means that a malicious user may gain complete
access to user data by escalating privileges. In addition "read" and "execute" access for "Other" should always be disabled (sensitive
data access).
Affected Nodes:
192.168.105.82 The permissions for home directory of user tlog was found to be 755 which is
more permissive than 750.
Page 7
Audit Report

References:
None
Restrict the user home directory mode to at most 750 using the command:
chmod 750 userDir
Page 8
Audit Report
4. Discovered Services
4.1. <unknown>
4.1.1. Discovered Instances of this Service
Device Protocol Port Vulnerabilities Additional Information
192.168.105.84 tcp 6443 0 •sslv3: false

•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
•tlsv1_3: false
192.168.105.85 tcp 6443 0 •sslv3: false

•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
•tlsv1_3: false
192.168.105.89 tcp 6443 0 •sslv3: false

•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
•tlsv1_3: false
192.168.105.90 tcp 6443 0 •sslv3: false

•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
•tlsv1_3: false
192.168.105.91 tcp 6443 0 •sslv3: false

•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
•tlsv1_3: false
192.168.105.92 tcp 6443 0 •sslv3: false

•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: false
•tlsv1_3: false
Page 9
Audit Report
4.2. HTTPS
HTTPS, the HyperText Transfer Protocol over TLS/SSL, is used to exchange multimedia content on the World Wide Web using
encrypted (TLS/SSL) connections. Once the TLS/SSL connection is established, the standard HTTP protocol is used. The multimedia
files commonly used with HTTP include text, sound, images and video.
192.168.105.84 tcp 10250 2 •ssl: true

•ssl.cert.chainerror: [Path does not
chain with any of the trust anchors]
•ssl.cert.issuer.dn:
CN=srvpoclonginus03-
ca@1655746218
•ssl.cert.key.alg.name: RSA
•ssl.cert.key.rsa.modulusBits: 2048
•ssl.cert.not.valid.after: Tue, 20 Jun
2023 16:30:18 UTC
•ssl.cert.not.valid.before: Mon, 20 Jun
2022 16:30:18 UTC
•ssl.cert.selfsigned: false
•ssl.cert.serial.number: 2
•ssl.cert.sha1.fingerprint:
fabc2f7ae34dffc6fb3a2b914457fbeb76
c5c0d9
•ssl.cert.sig.alg.name:
SHA256withRSA
•ssl.cert.subject.alt.name-1:
srvpoclonginus03
•ssl.cert.subject.alt.name-count: 1
•ssl.cert.subject.dn:
CN=srvpoclonginus03@1655746219
•ssl.cert.validchain: false
•ssl.cert.version: 3
•ssl.protocols: tlsv1_2,tlsv1_3
•ssl.supportsInsecureRenegotiation:
true
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
Page 10
Audit Report
•tlsv1_2: true
•tlsv1_2.ciphers:
TLS_ECDHE_RSA_WITH_AES_128_
GCM_SHA256,TLS_ECDHE_RSA_WI
TH_AES_256_GCM_SHA384
•tlsv1_2.extensions:
RENEGOTIATION_INFO,EC_POINT_
FORMATS
•tlsv1_3: true
•tlsv1_3.ciphers:
TLS_AES_128_GCM_SHA256,TLS_C
HACHA20_POLY1305_SHA256,TLS_
AES_256_GCM_SHA384
192.168.105.85 tcp 10250 1 •ssl: true
CN=192.168.105.85-ca@1655936082
•ssl.cert.not.valid.after: Thu, 22 Jun
2023 21:14:42 UTC
•ssl.cert.not.valid.before: Wed, 22 Jun
2022 21:14:42 UTC
b3efa1e89c510165641de96e8c1da85
21129db7c
SHA256withRSA
192.168.105.85
CN=192.168.105.85@1655936082
Page 11
Audit Report
true
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: true
•tlsv1_2.ciphers:
FORMATS
•tlsv1_3: true
•tlsv1_3.ciphers:
AES_256_GCM_SHA384
192.168.105.89 tcp 4118 3 •ssl: true
•ssl.cert.issuer.dn: CN=ds_agent,
O=Trend Micro
•ssl.cert.not.valid.after: Wed, 09 Jul
2031 21:16:36 UTC
•ssl.cert.not.valid.before: Thu, 14 Jul
2011 21:16:36 UTC
•ssl.cert.selfsigned: true
•ssl.cert.serial.number:
14775941190782584593
d068de481bdc4d0089077f851520c59
011eb566a
Page 12
Audit Report
SHA256withRSA
•ssl.cert.subject.dn: CN=ds_agent,
O=Trend Micro
•ssl.cert.validsignature: true
•ssl.protocols: tlsv1_2
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: true
•tlsv1_2.ciphers:
FORMATS
•tlsv1_3: false
192.168.105.89 tcp 10250 2 •ssl: true
ca@1661794211
•ssl.cert.not.valid.after: Tue, 29 Aug
2023 16:30:11 UTC
•ssl.cert.not.valid.before: Mon, 29 Aug
2022 16:30:11 UTC
63ac6ea7e917fa4348e946b381386e3
679b64262
SHA256withRSA
Page 13
Audit Report
srvpoclonginus08
true
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: true
•tlsv1_2.ciphers:
FORMATS
•tlsv1_3: true
•tlsv1_3.ciphers:
AES_256_GCM_SHA384
192.168.105.90 tcp 4118 3 •ssl: true
O=Trend Micro
2031 21:16:36 UTC
2011 21:16:36 UTC
Page 14
Audit Report
14775941190782584593
d068de481bdc4d0089077f851520c59
011eb566a
SHA256withRSA
O=Trend Micro
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: true
•tlsv1_2.ciphers:
FORMATS
•tlsv1_3: false
192.168.105.90 tcp 10250 2 •ssl: true
ca@1661794207
2023 16:30:07 UTC
2022 16:30:07 UTC
Page 15
Audit Report
80280c47d8fb042536e92b4f5f1ce006f
dd0fb46
SHA256withRSA
srvpoclonginus09
true
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: true
•tlsv1_2.ciphers:
FORMATS
•tlsv1_3: true
•tlsv1_3.ciphers:
AES_256_GCM_SHA384
192.168.105.91 tcp 10250 2 •ssl: true
Page 16
Audit Report
ca@1661794246
2023 16:30:46 UTC
2022 16:30:46 UTC
84fefe77ef1adc13e4d044efc74ee9f05
33c44f5
SHA256withRSA
srvpoclonginus10
true
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: true
•tlsv1_2.ciphers:
FORMATS
•tlsv1_3: true
•tlsv1_3.ciphers:
Page 17
Audit Report
AES_256_GCM_SHA384
192.168.105.92 tcp 4118 3 •ssl: true
O=Trend Micro
2031 21:16:36 UTC
2011 21:16:36 UTC
14775941190782584593
d068de481bdc4d0089077f851520c59
011eb566a
SHA256withRSA
O=Trend Micro
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: true
•tlsv1_2.ciphers:
Page 18
Audit Report
FORMATS
•tlsv1_3: false
192.168.105.92 tcp 10250 2 •ssl: true
CN=srvpockongapigtw-
ca@1661794242
2023 16:30:42 UTC
2022 16:30:42 UTC
286b09d5815280d9dcc7f440272d3ac
efb6b2f4e
SHA256withRSA
srvpockongapigtw
CN=srvpockongapigtw@1661794242
true
•sslv2: false
•sslv3: false
•tlsv1_0: false
•tlsv1_1: false
•tlsv1_2: true
•tlsv1_2.ciphers:
Page 19
Audit Report
FORMATS
•tlsv1_3: true
•tlsv1_3.ciphers:
AES_256_GCM_SHA384
4.3. SNMP
Simple Network Management Protocol (SNMP), like the name implies, is a simple protocol used to manage networking appliances by
remote clients. It is primarily UDP-based and uses trivial authentication by means of a secret community name.
192.168.105.82 udp 161 0
192.168.105.83 udp 161 0
192.168.105.84 udp 161 0
192.168.105.85 udp 161 0
192.168.105.86 udp 161 0
192.168.105.87 udp 161 0
192.168.105.88 udp 161 0
192.168.105.89 udp 161 0
192.168.105.90 udp 161 0
192.168.105.91 udp 161 0
192.168.105.92 udp 161 0
4.4. SSH
SSH, or Secure SHell, is designed to be a replacement for the aging Telnet protocol. It primarily adds encryption and data integrity to
Telnet, but can also provide superior authentication mechanisms such as public key authentication.
192.168.105.82 tcp 22 0 •OpenBSD OpenSSH 8.0

•ssh.algorithms.compression:
Page 20
Audit Report
none,zlib@openssh.com
•ssh.algorithms.encryption: aes256-
ctr,aes192-ctr,aes128-ctr
•ssh.algorithms.hostkey: rsa-sha2-
512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-
nistp256,ssh-ed25519
•ssh.algorithms.kex: curve25519-
sha256@libssh.org,ecdh-sha2-
nistp521,ecdh-sha2-nistp384,ecdh-
sha2-nistp256,diffie-hellman-group-
exchange-sha256
•ssh.algorithms.mac: hmac-sha2-
256,hmac-sha2-512
•ssh.banner: SSH-2.0-OpenSSH_8.0
•ssh.protocol.version: 2.0
exchange-sha256
256,hmac-sha2-512

Page 21
Audit Report
exchange-sha256
256,hmac-sha2-512
exchange-sha256
256,hmac-sha2-512

Page 22
Audit Report
exchange-sha256
256,hmac-sha2-512
exchange-sha256
256,hmac-sha2-512

exchange-sha256
256,hmac-sha2-512
Page 23
Audit Report

exchange-sha256
256,hmac-sha2-512

exchange-sha256
256,hmac-sha2-512

Page 24
Audit Report
exchange-sha256
256,hmac-sha2-512
exchange-sha256
256,hmac-sha2-512
Page 25
Audit Report
5. Discovered Users and Groups
5.1. System
5.1.1. 192.168.105.82
Account Name Type Additional Information
adm User •gid: 4

•loginShell: /sbin/nologin
•password: x
•user-id: 3
•userDir: /var/adm
ansible User •full-name: Usuario para administracion

•gid: 1004
•loginShell: /bin/bash
•password: x
•user-id: 1004
•userDir: /home/ansible
audio Group •group-id: 63
bin Group •group-id: 1
cdrom Group •group-id: 11
cgred Group •group-id: 995
chrony User •gid: 996

•password: x
•user-id: 998
•userDir: /var/lib/chrony
clevis User •full-name: Clevis Decryption Framework unprivileged user

•gid: 986
•password: x
•user-id: 991
•userDir: /var/cache/clevis
cockpit-ws User •full-name: User for cockpit web service

•gid: 990
Page 26
Audit Report
•password: x
•user-id: 995
•userDir: /nonexisting
cockpit-wsinstance Group •group-id: 989
daemon Group •group-id: 2
dbus User •full-name: System message bus

•gid: 81
•password: x
•user-id: 81
•userDir: /
dialout Group •group-id: 18
disk Group •group-id: 6
docker Group •group-id: 994
dockeradmin Group •group-id: 1003
floppy Group •group-id: 19
ftp User •full-name: FTP User

•gid: 50
•password: x
•user-id: 14
•userDir: /var/ftp
games Group •group-id: 20
gitlab-runner Group •group-id: 1005
halt User •gid: 0

•loginShell: /sbin/halt
•password: x
•user-id: 7
•userDir: /sbin
input Group •group-id: 999
isotester User •gid: 1000

•password: x
•user-id: 1000
•userDir: /home/isotester
Page 27
Audit Report
kmem Group •group-id: 9
kvm Group •group-id: 36
lock Group •group-id: 54
lp User •gid: 7
•password: x
•user-id: 4
•userDir: /var/spool/lpd
mail Group •group-id: 12
man Group •group-id: 15
mem Group •group-id: 8
nobody User •full-name: Nobody

•gid: 99
•password: x
•user-id: 99
•userDir: /
operator User •gid: 0

•password: x
•user-id: 11
•userDir: /root
polkitd Group •group-id: 998
postdrop Group •group-id: 90
postfix User •gid: 89

•password: x
•user-id: 89
•userDir: /var/spool/postfix
render Group •group-id: 993
root Group
setroubleshoot Group •group-id: 988
shutdown User •gid: 0

•loginShell: /sbin/shutdown
Page 28
Audit Report
•password: x
•user-id: 6
•userDir: /sbin
ssh_keys Group •group-id: 997
sshd User •full-name: Privilege-separated SSH

•gid: 74
•password: x
•user-id: 74
•userDir: /var/empty/sshd
sync User •gid: 0

•loginShell: /bin/sync
•password: x
•user-id: 5
•userDir: /sbin
sys Group •group-id: 3
systemd-coredump User •full-name: systemd Core Dumper

•gid: 992
•password: x
•user-id: 997
•userDir: /
systemd-journal Group •group-id: 190
systemd-network Group •group-id: 192
systemd-resolve User •full-name: systemd Resolver

•gid: 193
•password: x
•user-id: 193
•userDir: /
tape Group •group-id: 33
tcpdump Group •group-id: 72
tigoadmin User •gid: 1001

•password: x
•user-id: 1001
Page 29
Audit Report
•userDir: /home/tigoadmin
tlog Group •group-id: 987
tss Group •group-id: 59
tty Group •group-id: 5
unbound Group •group-id: 991
users Group •group-id: 100
utempter Group •group-id: 35
utmp Group •group-id: 22
video Group •group-id: 39
wheel Group •group-id: 10
5.1.2. 192.168.105.83
adm Group •group-id: 4

•gid: 1004
•password: x
•user-id: 1004
bin User •gid: 1

•password: x
•user-id: 1
•userDir: /bin

•password: x
•user-id: 998
Page 30
Audit Report
clevis Group •group-id: 986

•gid: 990
•password: x
•user-id: 995
cockpit-wsinstance User •full-name: User for cockpit-ws instances

•gid: 989
•password: x
•user-id: 994

•gid: 81
•password: x
•user-id: 81
•userDir: /

•gid: 50
•password: x
•user-id: 14
halt User •gid: 0

•password: x
Page 31
Audit Report
•user-id: 7
•userDir: /sbin
isotester Group •group-id: 1000
lp User •gid: 7
•password: x
•user-id: 4
mail User •gid: 12

•password: x
•user-id: 8
•userDir: /var/spool/mail

•gid: 99
•password: x
•user-id: 99
•userDir: /

•password: x
•user-id: 11
•userDir: /root
polkitd User •full-name: User for polkitd

•gid: 998
•password: x
•user-id: 999
Page 32
Audit Report
•userDir: /

•password: x
•user-id: 89
root Group
rpc Group •group-id: 32
rpcuser Group •group-id: 29

•password: x
•user-id: 6
•userDir: /sbin

•gid: 74
•password: x
•user-id: 74
sync User •gid: 0

•password: x
•user-id: 5
•userDir: /sbin
systemd-coredump Group •group-id: 992
systemd-network User •full-name: systemd Network Management

•gid: 192
Page 33
Audit Report
•password: x
•user-id: 192
•userDir: /
•gid: 193
•password: x
•user-id: 193
•userDir: /
tcpdump User •gid: 72

•password: x
•user-id: 72
•userDir: /

•password: x
•user-id: 1001
tlog User •full-name: Tlog terminal I/O logger

•gid: 987
•password: x
•user-id: 992
•userDir: /var/run/tlog
tss User •full-name: Account used by the trousers package to sandbox the tcsd
daemon
•gid: 59
•password: x
•user-id: 59
•userDir: /dev/null
unbound User •full-name: Unbound DNS resolver

•gid: 991
Page 34
Audit Report
•password: x
•user-id: 996
•userDir: /etc/unbound
5.1.3. 192.168.105.84
adm User •gid: 4

•password: x
•user-id: 3

•gid: 1004
•password: x
•user-id: 1004
bin User •gid: 1

•password: x
•user-id: 1
•userDir: /bin
chrony Group •group-id: 996

•gid: 986
Page 35
Audit Report
•password: x
•user-id: 991
cockpit-ws Group •group-id: 990
daemon User •gid: 2

•password: x
•user-id: 2
•userDir: /sbin

•gid: 81
•password: x
•user-id: 81
•userDir: /
dockeradmin User •full-name: Usuario para administrar docker

•gid: 1003
•password: x
•user-id: 1003
•userDir: /home/dockeradmin

•gid: 50
•password: x
•user-id: 14
games User •gid: 100

•password: x
•user-id: 12
Page 36
Audit Report
•userDir: /usr/games
halt User •gid: 0
•password: x
•user-id: 7
•userDir: /sbin
lp User •gid: 7
•password: x
•user-id: 4
nobody Group •group-id: 99

•password: x
•user-id: 11
•userDir: /root

•password: x
•user-id: 89
root User
Page 37
Audit Report
•gid: 0
•password: x
•userDir: /root
setroubleshoot User •gid: 988

•password: x
•user-id: 993
•userDir: /var/lib/setroubleshoot

•password: x
•user-id: 6
•userDir: /sbin

•gid: 74
•password: x
•user-id: 74
sync User •gid: 0

•password: x
•user-id: 5
•userDir: /sbin

•gid: 992
•password: x
•user-id: 997
•userDir: /
Page 38
Audit Report
systemd-network Group •group-id: 192
systemd-resolve Group •group-id: 193
tigoadmin Group •group-id: 1001
daemon
•gid: 59
•password: x
•user-id: 59
5.1.4. 192.168.105.85
adm User •gid: 4

•password: x
•user-id: 3

•gid: 1004
•password: x
•user-id: 1004
Page 39
Audit Report

•password: x
•user-id: 998
clevis Group •group-id: 986
dbus Group •group-id: 81
ftp Group •group-id: 50
halt User •gid: 0

•password: x
•user-id: 7
•userDir: /sbin
lp Group •group-id: 7
Page 40
Audit Report
nfsnobody User •full-name: Anonymous NFS User

•gid: 65534
•password: x
•user-id: 65534
•userDir: /var/lib/nfs

•gid: 99
•password: x
•user-id: 99
•userDir: /

•password: x
•user-id: 11
•userDir: /root

•password: x
•user-id: 89
root Group
rpc User •full-name: Rpcbind Daemon

•gid: 32
•password: x
•user-id: 32
•userDir: /var/lib/rpcbind
Page 41
Audit Report

•password: x
•user-id: 993

•password: x
•user-id: 6
•userDir: /sbin

•gid: 74
•password: x
•user-id: 74
sync User •gid: 0

•password: x
•user-id: 5
•userDir: /sbin

•gid: 992
•password: x
•user-id: 997
•userDir: /

•gid: 192
•password: x
•user-id: 192
Page 42
Audit Report
•userDir: /

•password: x
•user-id: 1001
daemon
•gid: 59
•password: x
•user-id: 59

•gid: 991
•password: x
•user-id: 996
5.1.5. 192.168.105.86
adm User •gid: 4

•password: x
•user-id: 3
Page 43
Audit Report
ansible Group •group-id: 1004

•password: x
•user-id: 998

•gid: 986
•password: x
•user-id: 991

•gid: 990
•password: x
•user-id: 995

•gid: 81
•password: x
•user-id: 81
•userDir: /
Page 44
Audit Report
docker_admin User •gid: 994

•password: x
•user-id: 1005
•userDir: /home/docker_admin
halt User •gid: 0

•password: x
•user-id: 7
•userDir: /sbin

•password: x
•user-id: 1000
lp User •gid: 7
•password: x
•user-id: 4

•password: x
•user-id: 8
mem Group
Page 45
Audit Report
•group-id: 8

•gid: 99
•password: x
•user-id: 99
•userDir: /

•password: x
•user-id: 11
•userDir: /root
postfix Group •group-id: 89
root User •gid: 0

•password: x
•userDir: /root

•gid: 32
•password: x
•user-id: 32

•password: x
•user-id: 993

•password: x
•user-id: 6
•userDir: /sbin
Page 46
Audit Report
sshd Group •group-id: 74
sync User •gid: 0

•password: x
•user-id: 5
•userDir: /sbin

•gid: 192
•password: x
•user-id: 192
•userDir: /

•password: x
•user-id: 1001

•gid: 987
•password: x
•user-id: 992
Page 47
Audit Report
5.1.6. 192.168.105.87
adm User •gid: 4

•password: x
•user-id: 3
bin User •gid: 1

•password: x
•user-id: 1
•userDir: /bin

•password: x
•user-id: 998

•gid: 986
•password: x
•user-id: 991

•gid: 990
•password: x
Page 48
Audit Report
•user-id: 995
•gid: 989
•password: x
•user-id: 994
dockeradmin User •full-name: Usuario para administrar docker

•gid: 1003
•password: x
•user-id: 1003

•gid: 50
•password: x
•user-id: 14
halt User •gid: 0

•password: x
•user-id: 7
•userDir: /sbin

Page 49
Audit Report
•password: x
•user-id: 1000

•password: x
•user-id: 8
nfsnobody Group •group-id: 65534

•password: x
•user-id: 11
•userDir: /root

•password: x
•user-id: 89
root User •gid: 0

•password: x
•userDir: /root
Page 50
Audit Report
•gid: 32
•password: x
•user-id: 32
rpcuser User •full-name: RPC Service User
•gid: 29
•password: x
•user-id: 29

•password: x
•user-id: 993

•password: x
•user-id: 6
•userDir: /sbin

•gid: 74
•password: x
•user-id: 74
sync User •gid: 0

•password: x
•user-id: 5
•userDir: /sbin
Page 51
Audit Report

•gid: 192
•password: x
•user-id: 192
•userDir: /

•gid: 987
•password: x
•user-id: 992
daemon
•gid: 59
•password: x
•user-id: 59

•gid: 991
•password: x
•user-id: 996
Page 52
Audit Report
5.1.7. 192.168.105.88
adm User •gid: 4

•password: x
•user-id: 3
bin User •gid: 1

•password: x
•user-id: 1
•userDir: /bin

•gid: 990
•password: x
•user-id: 993

•password: x
•user-id: 2
•userDir: /sbin

•gid: 81
•password: x
•user-id: 81
•userDir: /
Page 53
Audit Report

•password: x
•user-id: 12
halt User •gid: 0

•password: x
•user-id: 7
•userDir: /sbin

•password: x
•user-id: 1000
lp User •gid: 7
•password: x
•user-id: 4
Page 54
Audit Report

•password: x
•user-id: 11
•userDir: /root
rngd User •full-name: Random Number Generator Daemon

•gid: 992
•password: x
•user-id: 995
•userDir: /var/lib/rngd
root User •gid: 0

•password: x
•userDir: /root

•gid: 29
•password: x
•user-id: 29

•password: x
•user-id: 6
•userDir: /sbin
sssd Group •group-id: 993
sync User •gid: 0

Page 55
Audit Report
•password: x
•user-id: 5
•userDir: /sbin

•gid: 997
•password: x
•user-id: 999
•userDir: /

•gid: 193
•password: x
•user-id: 193
•userDir: /

•gid: 989
•password: x
•user-id: 992
daemon
•gid: 59
•password: x
•user-id: 59
Page 56
Audit Report
5.1.8. 192.168.105.89
bin User •gid: 1

•password: x
•user-id: 1
•userDir: /bin

•password: x
•user-id: 996

•password: x
•user-id: 2
•userDir: /sbin

•gid: 81
•password: x
•user-id: 81
Page 57
Audit Report
•userDir: /
dockeradmin User •gid: 1002

•password: x
•user-id: 1002

•password: x
•user-id: 12
halt User •gid: 0

•password: x
•user-id: 7
•userDir: /sbin

•password: x
•user-id: 1000
lp User •gid: 7
•password: x
•user-id: 4
Page 58
Audit Report

•password: x
•user-id: 8

•password: x
•user-id: 11
•userDir: /root

•gid: 992
•password: x
•user-id: 995
root User •gid: 0

•password: x
•userDir: /root

•gid: 32
•password: x
•user-id: 32

•gid: 29
•password: x
•user-id: 29
Page 59
Audit Report

•password: x
•user-id: 6
•userDir: /sbin

•gid: 74
•password: x
•user-id: 74
sync User •gid: 0

•password: x
•user-id: 5
•userDir: /sbin

•gid: 997
•password: x
•user-id: 999
•userDir: /

•gid: 193
•password: x
•user-id: 193
•userDir: /
Page 60
Audit Report
daemon
•gid: 59
•password: x
•user-id: 59

•gid: 991
•password: x
•user-id: 994
5.1.9. 192.168.105.90
bin User •gid: 1

•password: x
•user-id: 1
•userDir: /bin
Page 61
Audit Report

•gid: 991
•password: x
•user-id: 994

•gid: 990
•password: x
•user-id: 993

•gid: 81
•password: x
•user-id: 81
•userDir: /
dockeradmin User •gid: 1002

•password: x
•user-id: 1002

•password: x
•user-id: 12
Page 62
Audit Report
halt User •gid: 0

•password: x
•user-id: 7
•userDir: /sbin

•password: x
•user-id: 1000
lp User •gid: 7
•password: x
•user-id: 4

•password: x
•user-id: 8

•password: x
•user-id: 11
•userDir: /root
polkitd User •full-name: User for polkitd

•gid: 996
Page 63
Audit Report
•password: x
•user-id: 998
•userDir: /
rngd Group •group-id: 992
root Group

•gid: 29
•password: x
•user-id: 29

•password: x
•user-id: 6
•userDir: /sbin

•gid: 74
•password: x
•user-id: 74
sync User •gid: 0

•password: x
•user-id: 5
•userDir: /sbin
Page 64
Audit Report

•gid: 989
•password: x
•user-id: 992
5.1.10. 192.168.105.91
adm User •gid: 4

•password: x
•user-id: 3
bin User •gid: 1

•password: x
•user-id: 1
•userDir: /bin
Page 65
Audit Report

•password: x
•user-id: 995

•gid: 989
•password: x
•user-id: 992

•gid: 50
•password: x
•user-id: 14
halt User •gid: 0

•password: x
•user-id: 7
•userDir: /sbin
Page 66
Audit Report

•password: x
•user-id: 8
nobody User •full-name: Kernel Overflow User

•gid: 65534
•password: x
•user-id: 65534
•userDir: /

•password: x
•user-id: 11
•userDir: /root
rngd Group •group-id: 991
root Group

•password: x
•user-id: 990
Page 67
Audit Report
•password: x
•user-id: 6
•userDir: /sbin
sssd User •full-name: User for sssd

•gid: 993
•password: x
•user-id: 996
•userDir: /
sync User •gid: 0

•password: x
•user-id: 5
•userDir: /sbin

•gid: 193
•password: x
•user-id: 193
•userDir: /

•password: x
•user-id: 1001

•gid: 988
•password: x
Page 68
Audit Report
•user-id: 991

•gid: 995
•password: x
•user-id: 997
5.1.11. 192.168.105.92
adm User •gid: 4

•password: x
•user-id: 3

•gid: 1003
•password: x
•user-id: 1003
bin User •gid: 1

•password: x
•user-id: 1
•userDir: /bin
Page 69
Audit Report

•password: x
•user-id: 991

•gid: 991
•password: x
•user-id: 994

•gid: 50
•password: x
•user-id: 14
halt User •gid: 0

•password: x
•user-id: 7
•userDir: /sbin
Page 70
Audit Report

•password: x
•user-id: 1000
lp User •gid: 7
•password: x
•user-id: 4

•password: x
•user-id: 11
•userDir: /root

•gid: 992
•password: x
•user-id: 995
root User •gid: 0

•password: x
•userDir: /root
rpc Group
Page 71
Audit Report
•group-id: 32

•gid: 29
•password: x
•user-id: 29

•password: x
•user-id: 6
•userDir: /sbin

•gid: 74
•password: x
•user-id: 74
sync User •gid: 0

•password: x
•user-id: 5
•userDir: /sbin

•password: x
•user-id: 1001
Page 72
Audit Report
•gid: 989
•password: x
•user-id: 992
daemon
•gid: 59
•password: x
•user-id: 59
Page 73
Audit Report
6. Discovered Databases
No database information was discovered during the scan.
Page 74
Audit Report
7. Discovered Files and Directories

No file or directory information was discovered during the scan.
Page 75
Audit Report
8. Policy Evaluations
No policy evaluations were performed.
Page 76
Audit Report
9. Spidered Web Sites

No web sites were spidered during the scan.
Page 77

Upgrade Servidores Longinus - 2

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Upgrade Servidores Longinus - 2

Uploaded by

Copyright:

Available Formats

Audit Report

Upgrade Servidores Longinus_2

Audited on November 4, 2022

Reported on November 4, 2022

Site Name Start Time End Time Total Time Status

Node Operating System Risk Aliases

192.168.105.92 Red Hat Enterprise Linux 8.6 2,368 •srvpockongapigtw.celtel.net

192.168.105.89 Red Hat Enterprise Linux 8.6 2,368 •srvpoclonginius08.celtel.net

192.168.105.90 Red Hat Enterprise Linux 8.6 2,368 •srvpoclonginus09.celtel.net

192.168.105.84 Red Hat Enterprise Linux 8.6 2,118 •srvpoclonginus03.celtel.net

192.168.105.91 Red Hat Enterprise Linux 8.6 2,118 •srvpoclonginus10.celtel.net

192.168.105.85 Red Hat Enterprise Linux 8.6 1,283 •srvpoclonginus04.celtel.net

192.168.105.87 Red Hat Enterprise Linux 8.6 585 •srvpoclonginus06.celtel.net

192.168.105.88 Red Hat Enterprise Linux 8.6 585 •srvpoclonginus07.celtel.net

192.168.105.86 Red Hat Enterprise Linux 8.6 585 •srvpoclonginus05.celtel.net

192.168.105.83 Red Hat Enterprise Linux 8.6 585 •srvpoclonginus02.celtel.net

192.168.105.82 Red Hat Enterprise Linux 8.6 585 •srvpoclonginus01.celtel.net

3. Discovered and Potential Vulnerabilities

3.1. Critical Vulnerabilities

3.2. Severe Vulnerabilities

Affected Nodes: Additional Information:

Affected Nodes: Additional Information:

srvpoclonginus08@1661794211 could not be resolved to an IP address via

3.2.2. Untrusted TLS/SSL server X.509 certificate (tls-untrusted-ca)

since it could indicate that a TLS/SSL man-in-the-middle attack is taking place

Affected Nodes: Additional Information:

192.168.105.84:10250 TLS/SSL certificate signed by unknown, untrusted CA: CN=srvpoclonginus03-

192.168.105.85:10250 TLS/SSL certificate signed by unknown, untrusted CA: CN=192.168.105.85-

192.168.105.89:4118 TLS/SSL certificate signed by unknown, untrusted CA: CN=ds_agent, O=Trend

192.168.105.89:10250 TLS/SSL certificate signed by unknown, untrusted CA: CN=srvpoclonginus08-

192.168.105.90:4118 TLS/SSL certificate signed by unknown, untrusted CA: CN=ds_agent, O=Trend

192.168.105.90:10250 TLS/SSL certificate signed by unknown, untrusted CA: CN=srvpoclonginus09-

192.168.105.91:10250 TLS/SSL certificate signed by unknown, untrusted CA: CN=srvpoclonginus10-

192.168.105.92:4118 TLS/SSL certificate signed by unknown, untrusted CA: CN=ds_agent, O=Trend

192.168.105.92:10250 TLS/SSL certificate signed by unknown, untrusted CA: CN=srvpockongapigtw-

3.2.3. Self-signed TLS/SSL certificate (ssl-self-signed-certificate)

Affected Nodes: Additional Information:

192.168.105.89:4118 TLS/SSL certificate is self-signed.

192.168.105.90:4118 TLS/SSL certificate is self-signed.

192.168.105.92:4118 TLS/SSL certificate is self-signed.

3.3. Moderate Vulnerabilities

3.3.1. User home directory mode unsafe (unix-user-home-dir-mode)

Affected Nodes: Additional Information:

Affected Nodes: Additional Information:

more permissive than 750.

4.1.1. Discovered Instances of this Service

Device Protocol Port Vulnerabilities Additional Information

192.168.105.84 tcp 6443 0 •sslv3: false

192.168.105.85 tcp 6443 0 •sslv3: false

192.168.105.89 tcp 6443 0 •sslv3: false

192.168.105.90 tcp 6443 0 •sslv3: false

192.168.105.91 tcp 6443 0 •sslv3: false

192.168.105.92 tcp 6443 0 •sslv3: false

4.2.1. Discovered Instances of this Service

Device Protocol Port Vulnerabilities Additional Information

192.168.105.84 tcp 10250 2 •ssl: true

Device Protocol Port Vulnerabilities Additional Information

Device Protocol Port Vulnerabilities Additional Information

Device Protocol Port Vulnerabilities Additional Information

Device Protocol Port Vulnerabilities Additional Information

Device Protocol Port Vulnerabilities Additional Information

Device Protocol Port Vulnerabilities Additional Information

Device Protocol Port Vulnerabilities Additional Information