cisagov/cyhy-system

Potentially Risky Services: Account for SSL Tunnel – Bug Fix (FTP/S not risky service)

Opened this issue · 2 comments

cfx47 commented

๐Ÿ› Summary

Description: Potentially Risky Service Alerts are being generated against port 990 (FTP over SSL). These alerts should not be occurring, as this is not a concern if it’s sending over SSL.

To reproduce

Whenever this is being detected on port 990, this is being flagged as a false positive and sending out alert emails to folks letting them know that this is a potentially risky service.

Expected behavior

When FTP over SSL is detected on port 990, this should be flagged as a potentially risky service and no email should be generated.

Any helpful log output or screenshots

Location: https://github.com/cisagov/cyhy-reports/blob/develop/cyhy_report/customer/generate_report.py

From @dav3r back on 05/16/20 8:36 in CYHYDEV-795:

Note to whoever from the Dev Team works on this- here's where you need to add this new check for service.tunnel=ssl when service.name=ftp:

https://github.com/jsf9k/cyhy-commander/blob/develop/cyhy_commander/nmap/nmap_importer.py#L120-L128

@dav3r bumped this issue up on the priority within CyHy System due to BOD 23-02.
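The check requested above (skip the alert when `service.name=ftp` and `service.tunnel=ssl`), sketched as an added example that is not code from cyhy-commander or cyhy-reports. `RISKY_SERVICES`, `EXEMPT_TUNNELS`, `is_risky` and `risky_ports` are hypothetical names, and the XML is a constructed fragment in nmap's `-oX` format, where the `tunnel` attribute appears on `<service>` only when a tunnel was detected.

```python
import xml.etree.ElementTree as ET

# Hypothetical risky-service list; the real list lives in the CyHy code base.
RISKY_SERVICES = {"ftp", "telnet"}
# Tunnels that exempt a service, per the issue: ftp is acceptable when tunnel=ssl.
EXEMPT_TUNNELS = {"ftp": {"ssl"}}

# Constructed nmap -oX fragment (not real scan data).
SAMPLE_XML = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
<port protocol="tcp" portid="990"><state state="open"/><service name="ftp" tunnel="ssl"/></port>
<port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
<port protocol="tcp" portid="2323"><state state="open"/><service name="telnet"/></port>
</ports></host></nmaprun>"""


def is_risky(name, tunnel):
    """Decide on the detected service and tunnel, never on the port number."""
    if name not in RISKY_SERVICES:
        return False
    # A missing tunnel attribute (None) is cleartext and stays risky.
    return tunnel not in EXEMPT_TUNNELS.get(name, set())


def risky_ports(xml_text):
    """Return (port, service) pairs for open ports running a risky service."""
    flagged = []
    for port in ET.fromstring(xml_text).iter("port"):
        state = port.find("state")
        service = port.find("service")
        if state is None or service is None or state.get("state") != "open":
            continue
        name = service.get("name")
        tunnel = service.get("tunnel")  # absent when no tunnel was detected
        if is_risky(name, tunnel):
            flagged.append((int(port.get("portid")), name))
    return flagged


if __name__ == "__main__":
    for portid, name in risky_ports(SAMPLE_XML):
        print(f"potentially risky: {name} on tcp/{portid}")
```

Keying the exemption on the detected tunnel rather than on port 990 means a cleartext FTP listener that happens to sit on 990 is still reported.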