Nessus false positives and errors
Submitted by wbetts on Tue, 2008-03-11 16:25.
Under: Nessus findings on STAR DB servers with False Positive marks sampled on March 11, 2008
Here is the list of Nessus scan results that are marked as False Positives, Operational Need, Acceptable Risk, etc.:
| NODE | RISK | PORT | ISSUE | COMMENT |
|---|---|---|---|---|
| db01.star.bnl.gov | HIGH | 22 | SSH version | Updated Redhat packages have been installed that address this vulnerability without updating the version number. (wbetts) |
| db02.star.bnl.gov | HIGH | 3316 | anonymous DB access w/o password | There is no sensitive information in these databases, and the anonymous account has read-only privileges. (wbetts) |
| db06.star.bnl.gov | HIGH | 3316 | anonymous DB access w/o password | root has a password associated with both local host and network accessible accounts. The anonymous account access is acceptable. (wbetts) |
| db06.star.bnl.gov | HIGH | 22 | SSH version | This system has the latest RedHat openssh packages for Enterprise Linux 3, which include backported patches for these issues. (wbetts) |
| db07.star.bnl.gov | HIGH | 3316 | anonymous DB access w/o password | The database administrator asserts that there is no operational risk. "root" is not a privileged account. The "root" user (or any other user) has very limited access (and no write access) when conn (wbetts) |
| db07.star.bnl.gov | HIGH | 22 | SSH version | RHEL 3 WS with latest RH ssh packages (wbetts) |
| onldb01.starp.bnl.gov | HIGH | 3502 | anonymous DB access w/o password | Root has a password associated with it: mysql -S /tmp/mysql.3503.sock -u root ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO) Anonymous user only have acce (dephilli) |
| onldb01.starp.bnl.gov | HIGH | 3501 | anonymous DB access w/o password | Root has a password associated with it: mysql -S /tmp/mysql.3503.sock -u root ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO) Anonymous user only have acce (dephilli) |
| onldb01.starp.bnl.gov | HIGH | 3406 | anonymous DB access w/o password | root has a password / only non privileged read only accounts from specific locations remain unpassworded (dephilli) |
| onldb01.starp.bnl.gov | HIGH | 3503 | root DB access w/o password | Root has a password associated with it: mysql -S /tmp/mysql.3503.sock -u root ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO) Anonymous user only have acce (dephilli) |
The passwordless accounts ("root" and "anonymous") are only distinguished in the details of each finding -- our comments sometimes address root when anonymous is found or vice versa.
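One way to confirm on each MySQL instance which passwordless account a finding refers to, and what that account can do, is to query the grant tables directly. This is an added example, not part of the original page; it assumes a MySQL release older than 5.7, where `mysql.user` still has a `Password` column, and a session with read access to the `mysql` schema.

```sql
-- Added example (not from the original page).
-- Assumption: pre-5.7 MySQL, where mysql.user stores the hash in Password
-- (5.7+ uses authentication_string instead).

-- 1. Every account with an empty password, labelled as root, anonymous
--    or other, with the global privileges that matter for this finding.
SELECT
    CASE
        WHEN User = 'root' THEN 'root'
        WHEN User = ''     THEN 'anonymous'
        ELSE 'other'
    END AS account_type,
    User,
    Host,
    Select_priv,
    Insert_priv, Update_priv, Delete_priv,   -- write access to data
    Create_priv, Drop_priv,                  -- schema changes
    Grant_priv, File_priv, Super_priv        -- administrative rights
FROM mysql.user
WHERE Password = ''
ORDER BY account_type, Host;

-- 2. Per-database grants held by those same accounts. A "read-only"
--    account should show 'Y' only under Select_priv.
--    Matches rows as GRANT creates them (same User and Host in both tables).
SELECT
    d.User,
    d.Host,
    d.Db,
    d.Select_priv,
    d.Insert_priv, d.Update_priv, d.Delete_priv,
    d.Create_priv, d.Drop_priv, d.Alter_priv
FROM mysql.db AS d
JOIN mysql.user AS u
  ON u.User = d.User AND u.Host = d.Host
WHERE u.Password = ''
ORDER BY d.User, d.Host, d.Db;
```

A passwordless `root` row in the first result set means the finding is not a false positive for that instance; an `anonymous` row with `Y` only under `Select_priv` in both result sets matches the read-only justification recorded in the comments.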
Other db nodes have no marked findings at this time: robinson, heston, db03, db04, db05, db08, db09, db10, db11, onldb01, onldb2, onldb03, coburn, colbert, pegasus, lx1, bogart, brando. Many of these have no scan results at all, which bears investigation.
