Related Tips & Info

How to Use FILTCFG to Protect Against Possible Security Vulnerability with ApacheAdmin on NetWare 6.5

smflood
0 Likes

TID 7001907 gives details about a potential security vulnerability with Apache, or more specifically ApacheAdmin, on NetWare 6.5 after you've installed an OES2 Linux server into the same tree.



However there seems to (currently) be some ambiguity about the actual cause and suggested fix.



Here's one way of securing access to port 2200 on your NetWare server using FILTCFG.




  1. edit sys:/etc/builtins.cfg and add the following line (perhaps before IPX services are defined)

PROTOCOL-SERVICE IP, NWWebMgr, pid=TCP port=2200 srcport=<All>, NetWare Web Manager

  • load INETCFG and navigate to Protocols | TCP/IP

  • change Filter Support to Enabled

  • load FILTCFG and navigate to Configure TCP/IP Filters | Define TCP/IP filters | Packet Forwarding Filters

  • change Status to Enabled

  • press [Ins] twice on Filters to add the following filter

Packet Type: NWWebMgr

  • press [Esc] and select Yes when prompted to Save Filter?

  • press [Ins] twice on Exceptions to add the following exception

Packet Type: NWWebMgr
Src Addr Type: Network
Src IP Address: network/netmask

  • press [Esc] and select Yes when prompted to Save Filter?

  • press [Esc] four times and select Yes when prompted to Exit FILTCFG?

  • RESTART SERVER (unfortunately - to re-read builtins.cfg)

Labels:

How To-Best Practice
Comment List
Parents
  • Yeah, what happened with SP8? I encountered another "published" fix that wasn't fixed just the other day: "260382 SCRSAVER - req for emergency password stored locally in an ecrypted file" was not included, even though it was published.
Comment
  • Yeah, what happened with SP8? I encountered another "published" fix that wasn't fixed just the other day: "260382 SCRSAVER - req for emergency password stored locally in an ecrypted file" was not included, even though it was published.
Children
No Data
Related
Recommended

Resources

Support
Documentation
Learning Services
Partner Programs
Privacy
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Business Conduct and Ethics
The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.