The following is a quick series of notes on fixes for vulnerabilities that may be found when running a penetration test using OpenVAS.
Most of these notes are written for Linux; some have notes on how they apply to other systems.
SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
This routine reports all SSL/TLS cipher suites accepted by a service where attack vectors exist only on HTTPS services.
Edit the ssl.conf file and set the following two values:
SSLProtocol -ALL +TLSv1.2
SSLCipherSuite !ADH:!aNULL:!MD5:!RC4:HIGH
TCP time stamps
It was detected that the host implements RFC1323.
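echo "net.ipv4.tcp_timestamps = 0" > /etc/sysctl.d/tcp_timestamps.conf
# sysctl -p without a file name reads only /etc/sysctl.conf, so name the new file
sysctl -p /etc/sysctl.d/tcp_timestamps.conf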
Result: SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection
Set the SSLProtocol value as follows in the ssl.conf file, and also add it to every virtual host (add the line right after “SSLEngine on” if you are not sure where it goes):
SSLProtocol -ALL +TLSv1.2
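One way to check that every SSL-enabled virtual host carries its own SSLProtocol line and does not enable SSLv2 or SSLv3. This is an added example, not part of the original notes: the host names in the sample configuration are constructed, and the expansion of "all" is a simplifying assumption.

```python
# Assumption: simplified expansion of mod_ssl's "all" shortcut; names are lower-cased
# so that -ALL and -all are treated alike.
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
DEPRECATED = {"sslv2", "sslv3"}

def enabled_protocols(args):
    """Evaluate SSLProtocol arguments left to right: '+' adds, '-' removes, bare replaces."""
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        protos = set(ALL) if name.lower() == "all" else {name.lower()}
        enabled = enabled | protos if sign == "+" else enabled - protos if sign == "-" else protos
    return enabled

def audit_vhosts(conf_text):
    """Return (ServerName, problem) for each SSL-enabled <VirtualHost> that needs the fix."""
    findings, cur = [], None  # cur collects the directives of the open <VirtualHost> block
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if line.lower().startswith("<virtualhost"):
            cur = {}
        elif line.lower().startswith("</virtualhost") and cur is not None:
            name = cur.get("servername", "(unnamed)")
            ssl_on = cur.get("sslengine", "").lower() == "on"
            if ssl_on and "sslprotocol" not in cur:
                findings.append((name, "no SSLProtocol line"))
            elif ssl_on and enabled_protocols(cur["sslprotocol"]) & DEPRECATED:
                findings.append((name, "enables SSLv2/SSLv3"))
            cur = None
        elif cur is not None and line and not line.startswith("#"):
            parts = line.split(None, 1) + [""]
            cur[parts[0].lower()] = parts[1]
    return findings

# Constructed sample configuration (hypothetical host names).
SAMPLE = """\
<VirtualHost *:443>
    ServerName a.example
    SSLEngine on
    SSLProtocol -ALL +TLSv1.2
</VirtualHost>
<VirtualHost *:443>
    ServerName b.example
    SSLEngine on
</VirtualHost>
<VirtualHost *:443>
    ServerName c.example
    SSLEngine on
    SSLProtocol all -SSLv2
</VirtualHost>
"""
print(audit_vhosts(SAMPLE))
```

Run it over the contents of ssl.conf and of each virtual host file; an empty list means every SSL-enabled block has the line.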
HTTP Debugging Methods (TRACE/TRACK) Enabled
Add the line
to the end of the /etc/httpd/conf/httpd.conf file.
SSH Weak Encryption Algorithms Supported
ssh cipher encryption custom aes128-ctr:aes256-ctr:aes128-ctr
ssh key-exchange group dh-group14-sha1
ssh version 2
SSH Weak MAC Algorithms Supported
ssh cipher integrity high
nmap --script ssh2-enum-algos -sV -p <port> <host>