Hardening Apache using OpenVAS and RedHat advisories
My institution uses a tool provided by Janet to scan for vulnerabilities in web servers. We fix problems as soon as we see them. I have recently been looking at Apache on an up to date CentOS server. In order to test my changes I installed the FREE OpenVAS tool. The install is very straightforward, and once I had set up the firewall on a test server I could start scanning hosts.
The report was more verbose than the “complaint” report I was looking at. I understand that tools like this cannot always tell whether a flaw actually exists; instead they take clues emitted by the server, e.g. openssh 2.2-v5. That example gives away the version of the software for which a flaw may exist, but the scanner does not know, in this case, that the server is already patched (RedHat backports fixes without changing the upstream version number). In the report, a Common Vulnerabilities and Exposures (CVE) code is given for each “flaw”. I looked these up to assess the threat, taking RedHat at their word.
When RedHat explains that a CVE is already patched, or that it does not apply because of how the machine is used, I can override the test in the scan, which gives a cleaner report next time.
In this specific case I was looking at the strength of SSL on one of our servers. Thanks to OpenVAS, I was led to look at SSL compression, the server tokens Apache emits, and the TRACE/TRACK methods too.
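The three items above can be re-checked after a config change without waiting for the next scan. The checker below is an added example (not the post's own code, and not part of OpenVAS): it takes the status of a TRACE request, the response headers and the TLS compression method an `ssl` socket negotiated, and reports which findings are still open; the captures it runs on are constructed samples, and the `check_hardening` name is my own.

```python
"""Offline checker for the three Apache findings: verbose server
tokens, the TRACE method and TLS compression.

Inputs come from any HTTP client plus ssl.SSLSocket.compression();
the WEAK and HARDENED captures below are constructed samples so the
script runs without a server.
"""
import re
from typing import Dict, List, Optional

# Apache directives that close each finding (real directive names):
#   verbose Server header -> ServerTokens Prod  (ServerSignature Off
#                            removes the matching footer on error pages)
#   TRACE answered 2xx    -> TraceEnable Off
#   TLS compression       -> SSLCompression off (httpd 2.2.24+ / 2.4.3+)


def check_hardening(trace_status: int, headers: Dict[str, str],
                    tls_compression: Optional[str]) -> List[str]:
    """Return a list of open findings; an empty list means hardened."""
    findings = []
    server = headers.get("Server", "")
    # ServerTokens Prod reduces the banner to "Apache"; a version
    # number, OS or module list is what scanners fingerprint.
    if re.search(r"\d", server) or "(" in server:
        findings.append(f"verbose Server header: {server!r}")
    # TraceEnable Off makes Apache answer TRACE with 405; any 2xx means
    # the request is echoed back. TRACK (an IIS alias) is checked the
    # same way by passing its status here.
    if 200 <= trace_status < 300:
        findings.append("TRACE method enabled")
    # SSLSocket.compression() is None when nothing was negotiated.
    if tls_compression is not None:
        findings.append(f"TLS compression negotiated: {tls_compression}")
    return findings


# Constructed sample captures, not real scan output.
WEAK = dict(trace_status=200,
            headers={"Server": "Apache/2.2.15 (CentOS) mod_ssl/2.2.15"},
            tls_compression="zlib compression")
HARDENED = dict(trace_status=405, headers={"Server": "Apache"},
                tls_compression=None)

if __name__ == "__main__":
    for name, capture in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, check_hardening(**capture) or ["no findings"])
```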
A big thumbs up for OpenVAS and RedHat’s CVE database.