We have a client that runs a vulnerability scan on their site every quarter. Since we've just recently moved their site to our new Interworx box, they found some new vulnerabilities they'd like us to address.

1. SSL 2.0 - They'd like us to disable this but I'm not sure how or why it's a security issue. Any ideas how to do this?

2. Microsoft IIS SSL - This one really confuses me since we're running CentOS. I'm not sure how they could detect an IIS vulnerability on a Linux box. Specifically it's the MS04-011 vulnerability. Any clue how this could even get triggered?

3. DNS server - They say our DNS server doesn't respond to TCP requests but only UDP. Is this the normal configuration for Interworx?

HI Whoisjb

1. Edit /etc/httpd/conf.d/ssl.conf
Change the line:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSL v2:+EXP:+eNULL
to
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:!SSL v2:+EXP:+eNULL
Restart webserver

2. That is indeed a mystery. These vulnerability scanners can be notoriously dumb sometimes.

3. Yes, this is the normal default configuration for InterWorx. If you don't have a specific need for TCP requests for DNS, this is fine.

Paul

Thanks for the quick response. I changed the ssl.conf file but apache won't restart now. Sorry, my mistake I forgot to remove the + before adding the ! next to SSLv2. Thanks again!

I must be missing a step or something, I told you that from memory. Check the /var/log/httpd/error_log when trying to start it up with the change, and google that error, assuming there is one. That's what I would do :)

Paul