- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Security Finding
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-26-2016 11:07 AM
01-26-2016 11:07 AM
Security Finding
We recently had a security audit on our HP servers. Can files under /cgi-bin be removed? Any recomendation for securing these pages?
- The Assessment Team discovered directories containing jsp and cgi scripts. These scripts provided the team with valuable information. For example, the team browsed to http://xx.x.x.82/cgi-bin/showuser.cgi and discovered the web service was running as the user www. The team was also able to browse to http://xx.x.x82/cgi-bin/man2html and search for man pages. http://xx.x.x82/cgi-bin/printenv provided environment variable information
- Remove any unnecessary default directories or script.
I found these locations:
# find . -name cgi-bin
./opt/hpsmh/data/cgi-bin
./opt/hpws22/apache/cgi-bin
./opt/hpws22/apache/hpws_docs/.hp_docs/cgi-bin
./opt/hpws22/tomcat/hpws_docs/.hp_docs/cgi-bin
./opt/hpws22/hp_docs/cgi-bin
./opt/hpws/xmltools/hpws_docs/.hp_docs/cgi-bin
./opt/hpws/hp_docs/cgi-bin
#
Thanks
Jon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-26-2016 05:35 PM
01-26-2016 05:35 PM
Re: Security Finding
You can remove the finding by stopping the Apache web server. All HP-UX servers will have scripts in cgi-bin as well as jsp files. The directories are part of the HP-UX tools such as SMH. Removing the files will permanently disable several system admin web-based services such as SMH.
This finding is a bit strange. Any computer that has web pages will have these directories. Removing them causes these pages to stop working. This isn't just for HP-UX. This finding would affect Linux, Solaris, AIX, anything that is running web pages. Since removing these files would cripple the functionality, you need to ask the network team about creating an isolated subnet with restricted access.
Bill Hassell, sysadmin