X-SCAN扫描结果，我很危险么

很艰难地学习假设了一个linux服务器，关心下安全问题。下面是扫描结果，扫出11个提示，大家给点意见吧:0wl;l1
本报表列出了被检测主机的详细漏洞信息, 请根据提示信息或链接内容进行相应修补. 欢迎参加X-Scan脚本翻译项目

扫描时间
2009-9-10 20:29:20 - 2009-9-10 20:33:41


检测结果
存活主机 1
漏洞数量 0
警告数量 0
提示数量 11


主机列表
主机 检测结果
192.168.1.100 发现安全提示
主机摘要 - OS: Unknown OS; PORT/TCP: 80, 110, 443, 995, 3128, 8080
[返回顶部]


主机分析: 192.168.1.100
主机地址 端口/服务 服务漏洞
192.168.1.100 www (80/tcp) 发现安全提示
192.168.1.100 POP3-ssl (995/tcp) 发现安全提示
192.168.1.100 pop3 (110/tcp) 发现安全提示
192.168.1.100 HTTP proxy (3128/tcp) 发现安全提示
192.168.1.100 HTTP proxy server (8080/tcp) 发现安全提示
192.168.1.100 https (443/tcp) 发现安全提示


安全漏洞及解决方案: 192.168.1.100
类型 端口/服务 安全漏洞及解决方案
提示 www (80/tcp) 开放服务

"WEB"服务运行于该端口
BANNER信息 :

HTTP/1.1 200 OK
Date: Thu, 10 Sep 2009 12:30:16 GMT
Server: Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.1 with Suhosin-Patch
X-Powered-By: PHP/5.2.6-3ubuntu4.1
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 10 Sep 2009 12:30:16 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
charset=utf-8

NESSUS_ID : 10330
提示 www (80/tcp) http TRACE 跨站攻击

你的webserver支持TRACE 和/或 TRACK 方式。 TRACE和TRACK是用来调试web服务器连接的HTTP方式。

支持该方式的服务器存在跨站脚本漏洞，通常在描述各种浏览器缺陷的时候，把"Cross-Site-Tracing"简称为XST。

攻击者可以利用此漏洞欺骗合法用户并得到他们的私人信息。

解决方案: 禁用这些方式。


如果你使用的是Apache, 在各虚拟主机的配置文件里添加如下语句:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

如果你使用的是Microsoft IIS, 使用URLScan工具禁用HTTP TRACE请求，或者只开放满足站点需求和策略的方式。

如果你使用的是Sun ONE Web Server releases 6.0 SP2 或者更高的版本, 在obj.conf文件的默认object section里添加下面的语句:

AuthTrans fn="set-variable"
remove-headers="transfer-encoding"
set-headers="content-length: -1"
error="501"


如果你使用的是Sun ONE Web Server releases 6.0 SP2 或者更低的版本, 编译如下地址的NSAPI插件:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603


参见http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
http://www.kb.cert.org/vuls/id/867593

风险等级: 中
___________________________________________________________________


The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
"Cross-Site-Tracing", when used in conjunction with
various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users to
give him their credentials.


Solution :
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]


See also http://www.kb.cert.org/vuls/id/867593
Risk factor : Medium
BUGTRAQ_ID : 9506, 9561, 11604
NESSUS_ID : 11213
提示 www (80/tcp) 目录扫描器

该插件试图确认远程主机上存在的各普通目录
___________________________________________________________________

The following directories were discovered:
/admin, /archive, /bak, /cgi-bin, /data, /ftp, /global, /guestbook, /icons, /images, /inc, /links, /login, /temp, /template, /editor, /attachment, /plugin

While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards

NESSUS_ID : 11032
Other references : OWASP:OWASP-CM-006
提示 www (80/tcp) Web 映射

此脚本将映射远程web站点并提取一份远程主机所用的CGI列表.

建议你给此插件设置一个较高的超时值.
所要映射的页面需在客户端的'选项'中修改.

风险等级:无
___________________________________________________________________

The following CGI have been discovered :

Syntax : cginame (arguments [default value])

/template/ (C=S
O [A] C=N
O [D] C=M
O [A] C=D
O [A] )
/visit.php (job [search] searchmethod [] keyword [] )
/images/pic/ (C=S
O [A] C=N
O [D] C=M
O [A] C=D
O [A] )
/read.php (3 [] 6 [] 7 [] 8 [] 9 [] )
/view.php (go [user_1] )
/feed.php (go [category_1] )
/template/Media/ (C=S
O [A] C=N
O [D] C=M
O [A] C=D
O [A] )
/index.php (cm [9] go [category_1] cy [2008] mode [1] page [1] )
/inc/tpltune/ (C=S
O [A] C=N
O [D] C=M
O [A] C=D
O [A] )


Directory index found at /template/Media/
Directory index found at /template/

NESSUS_ID : 10662
提示 www (80/tcp) HTTP 服务器类型及版本

发现 HTTP 服务器的类型及版本号.

解决方案: 配置服务器经常更改名称,如:'Wintendo httpD w/Dotmatrix display'
确保移除类似 apache_pb.gif 带有 Apache 的通用标志, 可以设定 'ServerTokens Prod' 为受限
该信息来源于服务器本身的响应首部.

风险等级 : 低
___________________________________________________________________

The remote web server type is :

Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.1 with Suhosin-Patch


Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
NESSUS_ID : 10107
提示 www (80/tcp) 网络服务器存在robot(s).txt攻击


Some Web Servers use a file called /robot(s).txt to make search engines and
any other indexing tools visit their WebPages more frequently and
more efficiently.

By connecting to the server and requesting the /robot(s).txt file, an
attacker may gain additional information about the system they are
attacking.

Such information as, restricted directories, hidden directories, cgi script
directories and etc. Take special care not to tell the robots not to index
sensitive directories, since this tells attackers exactly which of your
directories are sensitive.

The file 'robots.txt' contains the following:
#
# Bo-blog V2.x
#

User-agent: *
Disallow: /admin/
Disallow: /bak/
Disallow: /data/
Disallow: /editor/
Disallow: /inc/
Disallow: /install/
Disallow: /images/
Disallow: /attachment/
Disallow: /temp/
Disallow: /template/
Disallow: /plugin/
Disallow: /view.php

Risk factor : None/Low
NESSUS_ID : 10302
提示 POP3-ssl (995/tcp) 开放服务

"POP3-ssl"服务可能运行于该端口.

NESSUS_ID : 10330
提示 pop3 (110/tcp) 开放服务

"pop3"服务可能运行于该端口.

NESSUS_ID : 10330
提示 HTTP proxy (3128/tcp) 开放服务

"HTTP proxy"服务可能运行于该端口.

NESSUS_ID : 10330
提示 HTTP proxy server (8080/tcp) 开放服务

"HTTP proxy server"服务可能运行于该端口.

NESSUS_ID : 10330
提示 https (443/tcp) 开放服务

"https"服务可能运行于该端口.

NESSUS_ID : 10330

未知驱动探索，专注成就专业