proftpd 'check server security' minor bug fix

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
Shmoopy
Junior Member
Posts: 1
Joined: 15 Nov 2009, 05:28

Post by Shmoopy »

I believe I may have fixed a minor bug in the "Check Server Security" script. On my server at least, the "Check proftpd weak SSL/TLS Ciphers" test was giving a false positive. I managed to track down the issue to the regexp on line 645 of servercheck.pm.

Code:

/TLSCipherSuite\s+(.*)$/

on my server, works better as:

Code:

/TLSCipherSuite:\s+(.*)$/

Note the added colon. Without it, the $ciphers var never gets populated, which sets $status to 1, causing the false pos.

(My /var/cpanel/conf/proftpd/main looks like this)

Code:

--- 
MaxInstances: none
TLSCipherSuite: HIGH:MEDIUM:+TLSv1:+SSLv3:-SSLv2
TLSRequired: 'off'
TimeoutIdle: 600
cPanelAnonymousAccessAllowed: 'yes'
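
Added example (not part of the original post and not code from servercheck.pm): a Perl comparison of the original pattern, the posted fix, and a tolerant pattern, run over constructed sample lines in both the cPanel YAML-style form shown above and the plain proftpd.conf form, which has no colon. The `$tolerant` pattern and the `ciphers_from` helper are hypothetical names introduced for illustration.

```perl
#!/usr/bin/perl
# Added example, not servercheck.pm code. All sample lines are constructed.
use strict;
use warnings;

my @samples = (
    "TLSCipherSuite: HIGH:MEDIUM:+TLSv1:+SSLv3:-SSLv2",   # cPanel YAML-style (from the post)
    "TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv3:-SSLv2",    # plain proftpd.conf style, no colon
    "  TLSCipherSuite:   'HIGH:MEDIUM'  ",                # indented, quoted, trailing spaces
    "#TLSCipherSuite: ALL",                               # commented-out directive
    "TLSRequired: 'off'",                                 # unrelated directive
);

my $original = qr/TLSCipherSuite\s+(.*)$/;    # pattern quoted in the post
my $posted   = qr/TLSCipherSuite:\s+(.*)$/;   # fix proposed in the post
# Hypothetical tolerant pattern: anchored at line start so commented lines
# are skipped, colon optional, surrounding quotes and trailing blanks dropped.
my $tolerant = qr/^\s*TLSCipherSuite:?\s+(['"]?)(.*?)\1\s*$/;

# Return the cipher string captured in group $group, or undef if no match.
sub ciphers_from {
    my ($re, $group, $line) = @_;
    my @captures = $line =~ $re;    # list context: returns the capture groups
    return @captures ? $captures[$group - 1] : undef;
}

my @patterns = (
    [ 'original', $original, 1 ],
    [ 'posted',   $posted,   1 ],
    [ 'tolerant', $tolerant, 2 ],
);

for my $line (@samples) {
    print "[$line]\n";
    for my $p (@patterns) {
        my ($name, $re, $group) = @$p;
        my $ciphers = ciphers_from($re, $group, $line);
        printf "  %-9s %s\n", $name,
            defined $ciphers ? "ciphers='$ciphers'" : 'no match';
    }
}
```

A pattern that returns no match for a line carrying the directive leaves the cipher string empty, which is the condition the post identifies as the source of the false positive.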

chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

Thanks, I'll check it out.