Gentoo Forums
Enumerate installed software via ssh
NiceGuy
Guru

Joined: 12 Jun 2006
Posts: 451
Location: Canada

Posted: Mon May 26, 2008 9:29 pm    Post subject: Enumerate installed software via ssh

Hello,

Just ran a Nessus scan on my Gentoo server, and it reports:
Code:
Family   General:
Nessus Plugin ID:   22869
Bugtraq ID   
CVE ID   

Description:

Synopsis :

It is possible to enumerate installed software on the remote host, via SSH.

Description :

This plugin lists the software installed on the remote host by calling the
appropriate command (rpm -qa on RPM-based Linux distributions, etc...)


Then the report goes on to list all the installed software on my remote Gentoo server ... I really do not like this. Does anybody have a solution to prevent the retrieval of such information?

Additionally, Gentoo is not rpm based, so don't know what the whole "rpm -qa" is about.

Thanks
_________________
success is the ability to go from one failure to the next without any loss of enthusiasm
Desintegr
l33t

Joined: 25 Mar 2004
Posts: 863
Location: France - Orléans

Posted: Mon May 26, 2008 9:35 pm

rpm -qa lists all installed packages on an RPM-based system (Redhat, Fedora, etc.)

On Gentoo, you can use qlist -I or equery list to do the same thing.
You can also use commands like find /var/db/pkg/ -type d.
_________________
Gentoo ~AMD64
Hoc Volo, Sic Jubeo !
My wiki: http://desintegr.free.fr
cyberjun
Apprentice

Joined: 06 Nov 2005
Posts: 293

Posted: Tue May 27, 2008 2:24 am

Hi,

It seems nessus is using your ssh keys to log on to the remote server (since you must have set up ssh passwordless login for that server from the box on which you are running nessus). Here is the link to the source of that nessus plugin: http://www.nessus.org/plugins/index.php?view=viewsrc&id=22869

The rpm stuff it shows is just an example. In your case it must have executed qpkg-list. I don't think there is anything abnormal in this unless I am wrong about the assumption that you have configured passwordless login to your server.

To confirm, run nessus from a machine from which you cannot log on password-less-ly to your server.

cheers,
--cyberjun
NiceGuy
Guru

Joined: 12 Jun 2006
Posts: 451
Location: Canada

Posted: Tue May 27, 2008 2:29 pm

Hello,

Thanks for the replies. Unfortunately, I do not, nor have I ever, set the Gentoo server up to allow for password-less logins. Additionally, my Gentoo system does not have the qlist or qpkg-list commands available. Somehow the installed packages are being displayed.

Still trying to prevent this.
Thanks
_________________
success is the ability to go from one failure to the next without any loss of enthusiasm
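
A server-side way to run the check cyberjun suggests, as an added example that is not part of the original thread: the function below summarizes which account and authentication method each successful SSH login used, so a scanner's address can be matched to the credential it logged in with. It assumes OpenSSH's standard "Accepted <method> for <user> from <ip>" log line; the log file location, the sample lines, the addresses and the user names are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarize successful sshd logins per method/user/source.
# Assumption: sshd writes OpenSSH's usual line, e.g.
#   "... sshd[123]: Accepted password for USER from IP port N ssh2"

# write_sample_log FILE : writes constructed sample log lines to FILE.
write_sample_log() {
    cat > "$1" <<'EOF'
May 26 21:19:58 server sshd[4319]: Failed password for root from 192.0.2.10 port 51230 ssh2
May 26 21:20:01 server sshd[4321]: Accepted password for nessus from 192.0.2.10 port 51234 ssh2
May 26 21:20:01 server sshd[4321]: pam_unix(sshd:session): session opened for user nessus
May 26 21:24:40 server sshd[4388]: Accepted password for nessus from 192.0.2.10 port 51302 ssh2
May 26 22:03:12 server sshd[4502]: Accepted publickey for admin from 198.51.100.7 port 40022 ssh2
EOF
}

# accepted_logins FILE [IP]
# Prints "method user ip count" for every successful login in FILE,
# restricted to source address IP when one is given.
accepted_logins() {
    awk -v want="${2:-}" '
        / sshd\[[0-9]+\]: Accepted / {
            # Locate the "Accepted" token; the fields after it are fixed.
            for (i = 1; i <= NF; i++) if ($i == "Accepted") break
            method = $(i + 1); user = $(i + 3); ip = $(i + 5)
            if (want != "" && ip != want) next
            seen[method " " user " " ip]++
        }
        END { for (k in seen) print k, seen[k] }
    ' "$1" | sort
}

# Stand-alone use: script.sh LOGFILE [SCANNER_IP]
if [ "$#" -ge 1 ]; then
    accepted_logins "$@"
fi
```

Run it against whichever file the syslog configuration sends sshd messages to, passing the address of the machine running the scan as the second argument.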