Hi as discussed during the PTL meeting, we want to improve the security of ONAP. We integrate security tests in CI.
One of the security tests deal with the scanning of exposed HTTP port Lots of work has been done to move to HTTPS but some ports stil remain. Some exceptions are already know (AAF-FS) but not for all the current list of open port is robot 30209/tcp open http lighttpd 1.4.45 portal-sdk 30212/tcp open http Apache Tomcat 8.5.35 portal-app 30215/tcp open http Apache Tomcat 8.5.35 message-router 30227/tcp open http Jetty 9.4.z-SNAPSHOT dmaap-bc 30241/tcp open http Jetty 9.4.z-SNAPSHOT log-kibana 30253/tcp open http Elasticsearch Kibana 5.5.0 log-es 30254/tcp open http Elasticsearch REST API 5.5.0 (name: G6iV3ZX; cluster: onap-log; Lucene 6.6.0) dmaap-dr-prov 30259/tcp open http Jetty 9.4.z-SNAPSHOT cli 30260/tcp open http lighttpd 1.4.45 consul-server-ui 30270/tcp open http HashiCorp Consul service discovery httpd sniro-emulator 30288/tcp open http Jetty 9.2.22.v20170606 refrepo 30297/tcp open http Apache Tomcat 8.5.30 uui 30398/tcp open http Apache Tomcat 9.0.19 config-binding-service 30415/tcp open http Ajenti http control panel dashboard 30418/tcp open http Apache Tomcat 8.5.41 netbox-nginx 30420/tcp open http nginx music-tomcat 30476/tcp open http Apache Tomcat 8.5.50 cds-blueprints-processor-http 30499/tcp open rtsp aaf-fs 31115/tcp open http Jetty 9.4.14.v20181114 Could you check if you need an exception, ot if these ports can be closed? Thanks for your feedback /Morgan _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#19980): https://lists.onap.org/g/onap-discuss/message/19980 Mute This Topic: https://lists.onap.org/mt/71164209/21656 Group Owner: onap-discuss+ow...@lists.onap.org Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-