On SCO OpenServer 5.0.7 security...
As a result of a SCO OpenServer 5.0.7 user's security audit in 2012, the following mitigations were advised:
- /etc/inetd.conf was edited to comment out:
  - rshd, rlogind, rexecd, fingerd, popper, imapd, smtpd
- The following commands were disabled by rename:
  - mv /usr/bin/php /usr/bin/php.sav
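
A way to re-check the inetd.conf mitigation after later edits or upgrades, as an added example that is not part of the original page. It assumes the usual seven-field inetd.conf layout; `check_inetd` and `make_sample` are hypothetical helper names, and the sample entries and paths are constructed.

```shell
#!/bin/sh
# Added example: list audited daemons that are still active in an inetd.conf.
# Assumed entry layout: service socktype proto wait user server-program args...

AUDITED="rshd rlogind rexecd fingerd popper imapd smtpd"

# Print "line-number: daemon" for each uncommented entry whose server
# program (field 6) or argv[0] (field 7) is one of the audited daemons.
check_inetd() {
    awk -v list="$AUDITED" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }   # comment, blank or malformed line
        {
            # Field 7 matters when field 6 is a wrapper program that
            # launches the real daemon named in argv[0].
            for (f = 6; f <= 7 && f <= NF; f++) {
                name = $f
                sub(/^.*\//, "", name)  # strip directory part
                if (name in bad) { print NR ": " name; break }
            }
        }
    ' "$1"
}

# Write a constructed sample file (not taken from a real system).
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample entries
ftp     stream  tcp  nowait  root    /opt/example/ftpd     ftpd
#shell  stream  tcp  nowait  root    /opt/example/rshd     rshd
login   stream  tcp  nowait  root    /opt/example/rlogind  rlogind
finger  stream  tcp  nowait  nouser  /opt/example/wrapper  fingerd
  #exec stream  tcp  nowait  root    /opt/example/rexecd   rexecd
EOF
}

tmp=${TMPDIR:-/tmp}/inetd.sample.$$
make_sample "$tmp"
check_inetd "$tmp"      # lists the login and finger entries
rm -f "$tmp"
```

On the audited host the same function would be pointed at the real file: `check_inetd /etc/inetd.conf`; no output means none of the seven daemons is active.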
Curl, libcurl and PHP-CURL, as supplied on OpenServer 5.0.7, do not support TLS 1.2 and have many known vulnerabilities.
- curl versions through 7.53.1 build on SCO OpenServer 5.0.7 with the GNU toolchain.
- Current versions of the curl dependencies (zlib and openssl) can be built.
- curl/libcurl between 7.53.1 and 7.60.0 (inclusive) can build with a minor patch.
- curl/libcurl 7.61.0 and above contain the patch needed to build with the SCO-provided GNU tool chain.
The ssh client provided by SCO OpenServer 5.0.7 does not support key exchange algorithms needed by modern systems.
- It is possible to build a current version of OpenSSH for SCO OpenServer 5.0.7.
OpenSSL as supplied by SCO OpenServer 5.0.7 does not support TLS 1.2.
- It is possible to build a current version of OpenSSL for SCO OpenServer 5.0.7.
It is possible to build a newer (~2010) revision of sudo (1.6.9p23) for SCO OpenServer 5.0.7.
- Newer 1.7.x and 1.8.x series present various build challenges not yet overcome by this author.