I have a CentOS server and we had a Retina security scan. I have no idea how to fix this vulnerability. Can you point me in the right direction? We are running nginx.
- (+8) That's not a vulnerability at all. – Michael Hampton Oct 08 '14 at 20:53
- @MichaelHampton And yet, [it shows up in the list of vulnerabilities](http://www.trtechit.com/wp-content/uploads/2012/12/Executive-report.pdf). No idea why. – sysadmin1138 Oct 08 '14 at 20:56
- (+7) You could consider it to be a vulnerability if it's found to be running on a server or port on which it shouldn't be. That said, most "security audit" companies I've dealt with are fully staffed by incompetent buffoons who've based their business on nmap scripts written by contractors. – Sammitch Oct 08 '14 at 21:08
- (+2) Wtf did I just read. – Xavier Lucas Oct 08 '14 at 21:13
- (+1) @Sammitch is correct. If it shouldn't be running, or at least responding (e.g. should be a service only accessible via localhost, like monit), then it is considered to be a problem. If it's supposed to be running then the auditors just need to be told that and what application/subsystem it's part of. – Gene Oct 08 '14 at 21:15
- (+1) @Sammitch (and Gene) You should make these answers. – kbyrd Oct 08 '14 at 21:31
- If it is not used, then it should be off. If it is used, it should be on. If you use it, is it for public or private use? If it's for private use, is it on private interfaces only? If it is for public use, is it monitored? Does traffic ever mix from public to private, or private to public? Those 6 sentences cover better than half of the garbage involved in securing your service. Can't speak for the rest. – Avery Payne Oct 08 '14 at 21:56
1 Answer
"HTTP 1.1 Protocol Detected" is an informational audit message, one of those plotted in green in the charts you see in the report. Those messages don't indicate any actual vulnerabilities. Unfortunately the vulnerability list in the report is very impractical, as it mixes all types of severity (info, low, medium, high) together.

– Ale

- Thanks ale and @sammitch. Now I have to find a way to cite a reference that doesn't call the auditor a buffoon :-) Thanks for your help. – user1130176 Oct 08 '14 at 23:25
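The two practical steps the thread converges on are (1) separating the report's informational rows from findings of real severity, and (2) checking that each listening service is bound where it is meant to be (loopback only for something like monit, every interface for a public web server). The following is an added example, not code from the question, the answer, or the Retina product; it works on constructed sample data in the layout of a four-bucket scan report and of `ss -tlnH` output, and the policy table `EXPECTED_PORTS` is an invented placeholder you would replace with your own.

```python
"""Triage helpers for a port/protocol scan report (added example, constructed data)."""
from collections import defaultdict
import ipaddress

# The report's own four severity buckets, ranked so rows can be filtered.
SEVERITY_ORDER = {"info": 0, "low": 1, "medium": 2, "high": 3}

# Constructed sample rows: (finding name, severity, host, port).
SAMPLE_FINDINGS = [
    ("HTTP 1.1 Protocol Detected", "info", "203.0.113.10", 80),
    ("SSH Server Detected", "info", "203.0.113.10", 22),
    ("Web Server Version Disclosure", "low", "203.0.113.10", 80),
    ("Outdated TLS Configuration", "medium", "203.0.113.10", 443),
]


def group_by_severity(findings):
    """Bucket rows by severity so informational noise sits apart from real findings."""
    buckets = defaultdict(list)
    for name, severity, host, port in findings:
        buckets[severity.lower()].append((name, host, port))
    return dict(buckets)


def actionable(findings, minimum="low"):
    """Rows at or above the given severity, highest severity first."""
    threshold = SEVERITY_ORDER[minimum]
    rows = [f for f in findings if SEVERITY_ORDER[f[1].lower()] >= threshold]
    return sorted(rows, key=lambda f: SEVERITY_ORDER[f[1].lower()], reverse=True)


# Constructed lines in the layout of `ss -tlnH`: state, queues, local, peer.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 127.0.0.1:2812 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 10.0.0.5:3306 0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Return (bind address, port) pairs from ss-style LISTEN lines."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # split on the last colon (IPv6 safe)
        listeners.append((addr.strip("[]"), int(port)))
    return listeners


def exposure(addr):
    """Classify a bind address as loopback, all interfaces, private, or public."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:  # 0.0.0.0 or :: means every interface
        return "all"
    if ip.is_private:
        return "private"
    return "public"


def review_listeners(ss_output, expected):
    """Compare each listener's exposure with the policy for that port.

    `expected` maps port -> allowed exposure. Ports not in the policy are
    reported as 'unexpected': either tell the auditors what they are, or
    turn the service off.
    """
    report = []
    for addr, port in parse_listeners(ss_output):
        actual = exposure(addr)
        want = expected.get(port)
        if want is None:
            status = "unexpected"
        elif actual == want:
            status = "ok"
        else:
            status = "misbound"
        report.append((port, addr, actual, status))
    return report


# Placeholder policy (constructed): nginx on 80 and sshd on 22 are public,
# the monit web interface on 2812 must stay on loopback.
EXPECTED_PORTS = {80: "all", 22: "all", 2812: "loopback"}


if __name__ == "__main__":
    for sev, rows in sorted(group_by_severity(SAMPLE_FINDINGS).items(),
                            key=lambda kv: SEVERITY_ORDER[kv[0]]):
        print(sev, rows)
    for entry in review_listeners(SAMPLE_SS_OUTPUT, EXPECTED_PORTS):
        print(entry)
```

On a live CentOS host you would feed `review_listeners` the real output of `ss -tlnH` (or `netstat -tln` on older releases) and adjust `EXPECTED_PORTS` to the services you actually run; anything that comes back `misbound` or `unexpected` is the list worth taking back to the auditors, while the informational rows can be cited as such.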