Firewall Scan

  • nessus scan: (neo login)
  • Changes in conf to avoid security warnings from campus scan
    • expose_php = Off (in php.ini)
    • Generate a self signed cert (The default cert of localhost.localdomain cert will cause nessus to issue a warning.)
      • openssl genrsa -out self.key 1024
      • openssl req -new -key self.key -x509 -days 365 -out self.crt
      • cp self.key /etc/pki/tls/private/
      • cp self.crt /etc/pki/tls/certs/
    • TraceEnable = Off (in httpd.conf, each vhost's conf, and ssl.conf)
    • SSLCipherSuite HIGH:!ADH:!EXPORT:!SSLv2:!aNULL:!eNULL:!NULL (in ssl.conf)