OS-SCO-Security

From KRayWiki
Jump to navigation Jump to search

On SCO OpenServer 5.0.7 security...

See Also 
OS-SCO

Audits

As a result of a SCO OpenServer 5.0.7 user's security audit in 2012, the following mitigations were advised:

  1. /etc/inetd.conf was edited to comment out:
    rshd, rlogind, rexecd, fingerd, popper, imapd, smtpd
  2. The following commands were disabled by rename:
    mv /usr/bin/php /usr/bin/php.sav

curl

Curl and libcurl, and PHP-CURL, as supplied on OpenServer 5.0.7, does not support TLS 1.2 and has many known vulnerabilities.

  • Versions through 7.53.1 on SCO OpenServer 5.0.7 build via the GNU toolchain.
    • Current versions of curl dependencies (zlib and openssl) are able to be built.
  • curl/libcurl between 7.53.1 and 7.60.0 (inclusive) can build with a minor patch.
  • curl/libcurl 7.61.0 and above contain the patch needed to build with the SCO-provided GNU tool chain.

openssh

The ssh client provided by SCO OpenServer 5.0.7 does not support key exchange algorithms needed by modern systems.

  • It is possible to build a current version of OpenSSH for SCO OpenServer 5.0.7.

openssl

OpenSSL as supplied by SCO OpenServer 5.0.7 does not support TLS 1.2.

  • It is possible to build a current version of OpenSSL for SCO OpenServer 5.0.7.

sudo

It is possible to build a newer (~2010) revision of sudo (1.6.9p23) for SCO OpenServer 5.0.7.

  • Newer 1.7.x and 1.8.x series present various build challenges not yet overcome by this author.