Potentially Risky Services: Account for SSL Tunnel - Bug Fix (FTP/S not risky service)
Opened this issue · 2 comments
Summary
Description: Potentially Risky Service Alerts are being generated against port 990 (FTP over SSL). These alerts should not be occurring, as this is not a concern if it's sending over SSL.
To reproduce
Whenever this is being detected on port 990, this is being flagged as a false positive and sending out alert emails to folks letting them know that this is a potentially risky service.
Expected behavior
When FTP over SSL is detected on port 990, this should be flagged as a potentially risky service and no email should be generated.
Any helpful log output or screenshots
Location: https://github.com/cisagov/cyhy-reports/blob/develop/cyhy_report/customer/generate_report.py
From @dav3r back on 05/16/20 8:36 in CYHYDEV-795:
Note to whoever from the Dev Team works on this - here's where you need to add this new check for service.tunnel=ssl when service.name=ftp:
https://github.com/jsf9k/cyhy-commander/blob/develop/cyhy_commander/nmap/nmap_importer.py#L120-L128
@dav3r bumped this issue up on the priority within CyHy System due to BOD 23-02.
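The check discussed in this issue, sketched as an added example that is not code from cyhy-commander or cyhy-reports: it reads the `tunnel` attribute nmap writes on a `<service>` element and suppresses the alert when an FTP service is wrapped in SSL. The risky-name set, the function names and the XML sample are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed for illustration: service names treated as risky when unencrypted.
# The project's real list is not shown on this page.
ASSUMED_RISKY_NAMES = {"ftp", "telnet"}

# Constructed nmap -oX fragment (not real scan data).
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open"/>
        <service name="ftp" product="vsftpd"/>
      </port>
      <port protocol="tcp" portid="990">
        <state state="open"/>
        <service name="ftp" tunnel="ssl"/>
      </port>
      <port protocol="tcp" portid="23">
        <state state="closed"/>
        <service name="telnet"/>
      </port>
    </ports>
  </host>
</nmaprun>"""


def is_risky(name, tunnel):
    """Risky only if the name is listed and nmap saw no SSL/TLS wrapper."""
    return name in ASSUMED_RISKY_NAMES and tunnel != "ssl"


def risky_services(xml_text):
    """Return (addr, port, name) for each open port that should alert."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state, svc = port.find("state"), port.find("service")
            if svc is None or state is None or state.get("state") != "open":
                continue
            # Decide on what nmap detected, not on the port number alone.
            if is_risky(svc.get("name"), svc.get("tunnel")):
                findings.append((addr, int(port.get("portid")), svc.get("name")))
    return findings
```

Keying on the detected tunnel rather than on port 990 means plain FTP on a non-standard port still alerts, while FTP over SSL on any port does not.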