Operating System - HP-UX

EMC Legato NetWorker uses weak AUTH_UNIX authenti

Juan M Leon
Trusted Contributor

Hello everyone. I hope someone can help me.
My security department has pointed out that one of our servers failed the security sweep for EMC Legato Networker.
Tracing the port and process, I found what triggers the alert:
:> /sof_11.11 -i tcp:7938
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nsrexecd 3145 root 4u inet 0x7dfdb640 0t0 TCP *:7938 (LISTEN)
:> ps -ef | grep nsrexecd
root 3145 1 0 Jul 15 ? 0:04 /opt/networker/bin/nsrexecd
root 3146 3145 0 Jul 15 ? 0:28 /opt/networker/bin/nsrexecd
root 5136 20833 0 14:27:19 ttyp1 0:00 grep nsrexecd
:>

The nsrexecd is part of the NetWorker client execution service. I want to know if we can shut down this service or if this service is critical for the server functionality.

I have two options: if this is critical for the server, does anyone know where to find the HP patches? Or, if this is not critical for the server, can we stop the service?

Thank you

D Block 2
Respected Contributor

Re: EMC Legato NetWorker uses weak AUTH_UNIX authenti

Juan,

port ?
7938 udp lgtomapper Legato NetWorker portmapper


check out link:
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=6691

taken from google space, so these are known attack ports.. so what next.

This is a UDP port, correct ?

Here's a list of older patches
LEGATO ERROR PATCHES HP Recommends

PHCO_23651
PHCO_23876
PHKL_18543
PHKL_20016
PHKL_22589
PHKL_22677
PHKL_24027
PHKL_24612


you can find this link at
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=129552

good hunting,
T.
Golf is a Good Walk Spoiled, Mark Twain.
Don Mallory
Trusted Contributor
Solution

Re: EMC Legato NetWorker uses weak AUTH_UNIX authenti

Yes, nsrexecd is the client for Legato Networker. If you are concerned about having backups, then yes this is critical.

There has been a lot of buzz around the security of the Networker daemons. First, check which version of the client (and server) you are running. Networker doesn't play well when both are out of sync, but try to stay at or above v7.2.1. (swlist will show it as not part of a bundle). 7.3 added a lot of needed fixes and functionality.

Next, yes, there is weak authentication. Try to keep it behind a firewall and block external access. The problem is that networker uses a LOT of ephemeral ports, and they move around (it's RPC).

You could also limit access to the host from the backup server only using ipfilter on the host as well to add another layer of Defence in Depth.

You might also want to raise the issue of security with EMC Legato. If enough people complain, they may offer encrypted tunnels or other means. Keep in mind that encrypted tunnels will mean a 100% overhead in packets and therefore a 100% increase in the time it takes to complete your backups.
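
The host-level restriction suggested in the reply above, sketched as an IPFilter ruleset fragment. This is an added example, not part of the original posts; the interface name `lan0` and the backup server address `192.0.2.10` are assumed placeholders, and port 7938 is the one shown in the lsof output in this thread.

```conf
# ipf.conf fragment (constructed example, not from the thread).
# Assumptions: lan0 is the client's network interface and
# 192.0.2.10 is the NetWorker backup server.

# 1. The backup server may reach this client on any port. NetWorker is
#    RPC-based and its service ports move around, so the rule matches on
#    the source host rather than on a fixed port list.
pass in quick on lan0 proto tcp from 192.0.2.10 to any keep state
pass in quick on lan0 proto udp from 192.0.2.10 to any keep state

# 2. Every other source is refused the port flagged by the security
#    sweep (nsrexecd listening on *:7938). "log" records each refused
#    attempt so it can be reviewed later.
block in log quick on lan0 proto tcp/udp from any to any port = 7938

# Caveat: rule 2 covers only port 7938. Other ports that the NetWorker
# daemons register dynamically stay reachable from other hosts unless
# the ruleset ends in a default-deny rule for inbound traffic, with
# explicit pass rules for the services the host really offers.
```

Because the rules use `quick`, the first match wins: the pass rules for the backup server must stay above the block rule.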

Florian Heigl (new acc)
Honored Contributor

Re: EMC Legato NetWorker uses weak AUTH_UNIX authenti

Well of course You can turn off the nsrexecd - that is: if You don't need backups.

Secondly, as far as I know NetWorker 7.3 supports some more cryptographic means of authentication. It should be able to use it integrated with an enterprise PKI.

This is clearly where Your security department comes into play. Ask them how You should integrate the 7.3 NetWorker with the security environment they demand.

Probably You won't see them for a little while. :=
yesterday I stood at the edge. Today I'm one step ahead.