21 | | || '''Step''' || '''State''' || '''Date completed''' || '''Open Tickets''' || '''Closed Tickets/Comments''' || |
22 | | || 1A || [[Color(orange,Blocked)]] || || [exoticket:34] || blocked on information about bbn-hn configuration || |
23 | | || 1B || || || || ready to test || |
24 | | || 1C || || || || ready to test || |
25 | | || 2A || || || || ready to test || |
26 | | || 2B || || || || ready to test || |
27 | | || 2C || || || || ready to test || |
| 21 | || '''Step''' || '''State''' || '''Date completed''' || '''Open Tickets''' || '''Closed Tickets/Comments''' || |
| 22 | || 1A || [[Color(orange,Blocked)]] || || [exoticket:34] || blocked on information about bbn-hn configuration || |
| 23 | || 1B || [[Color(green,Pass)]] || 2012-05-27 || || || |
| 24 | || 1C || || || || ready to test || |
| 25 | || 2A || || || || ready to test || |
| 26 | || 2B || || || || ready to test || |
| 27 | || 2C || || || || ready to test || |
| 109 | ==== Results of testing step 1B: 2012-05-27 ==== |
| 110 | |
| 111 | * First ran `sudo netstat -anp | grep LISTEN`, and got rid of: |
| 112 | * things bound to 10.100.x.x interfaces |
| 113 | * things bound to 127.0.0.1 |
| 114 | * That left too many things to easily look at, so i also looked at the incoming-to-host firewall rules: |
| 115 | {{{ |
| 116 | sudo iptables -L -v -n |
| 117 | }}} |
| 118 | * Ignore things with source addresses in private or exogeni-server-old spaces |
| 119 | * Ignore things which reject incoming connections on the public interface before allowing them on private interfaces |
| 120 | * Finally, looking at what's left from all that, i identify the following listening programs: |
| 121 | {{{ |
| 122 | /usr/sbin/sshd |
| 123 | /usr/sbin/httpd |
| 124 | /usr/sbin/nginx |
| 125 | /usr/java/latest/bin/java (tomcat, in particular `/opt/orca*/tomcat/`) |
| 126 | }}} |
| 127 | Since httpd redirects to the SSL port and nginx is only serving the foam site, i don't see any obvious unencrypted login options. |
| 128 | |