漏洞扫描问题解决汇总

1.点击劫持：X-Frame-Options未配置

在nginx的http下配置
add_header X-Frame-Options SAMEORIGIN;

2.检测到目标服务器启用了OPTIONS方法

#在tomcat的web.xml里添加
 <!-- 关闭不安全的HTTP方法 -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>http method security</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
            <http-method>HEAD</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
        </web-resource-collection>
        <auth-constraint/>
    </security-constraint>


#重启tomcat
#测试
curl -v -X OPTIONS http://ip:prot

3.检测到错误页面web应用服务器版本信息泄露

#cd 到tomcat的lib目录下
#解压
unzip catalina.jar
#修改信息
vim org/apache/catalina/util/ServerInfo.properties
server.info=Apache Tomcat
server.number=0.0.0.0
server.built=Feb 16 2019 17:13:17 UTC
#添加到jar包中
jar uvf catalina.jar org/apache/catalina/util/ServerInfo.properties
#重启comcat

4.OpenSSH 用户枚举漏洞(CVE-2018-15473)

#升级到OpenSSH_7.9p1,版本
#下载telnet防止ssh中断
yum -y install telnet-server* telnet

#配置
vim /etc/xinetd.d/telnet
disable字段的yes改为no以启用telnet服务 
/etc/init.d/xinetd start 

#创建普通用户连接并给予sudo权限
useradd zzj 
passwd zzj

#新窗口连接
telnet  xx.xx.xx.xx

#卸载之前ssh
yum remove openssh -y

#下载依赖
yum install gcc openssl-devel zlib-devel

#下载openssh
https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/

#解压安装
tar xf  openssh-7.9p1.tar.gz
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-openssl-includes=/usr --with-privsep-path=/var/lib/sshd 
make && make install

#拷贝启动脚本
cp ./contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd


#配置sshd_config文件
vim /etc/ssh/sshd_config
根据实际配置


#加载配置文件重启
/etc/init.d/sshd restart

#完成更新关闭telnet

 

转载于:https://www.cnblogs.com/zuozhengjun/p/10736808.html