Resolution of PCI compliance on CentOS VPS

$10-30 AUD

Closed
Posted over 4 years ago

Paid on delivery
Need quick help with PCI compliance on CentOS, which is failing in the following 6 points.

1) Banner based vulnerabilities for ISC BIND 9.9.4 (To apply the latest vendor patches to the ISC BIND 9.9.4 service running on port 53)
2) Banner based vulnerabilities for OpenSSH 7.4 (To apply the latest vendor patches to OpenSSH 7.4 service running on port 22)
3) SSL Weak or Medium Strength Cipher Suites supported (Reconfigure the affected application to disable the use of weak and medium strength ciphers)
4) Weak DH Key Exchange Supported (PCI DSS) (To consult the software's manual and reconfigure the service to use at least 2048-bit DH parameters. Alternatively, disable DH and use only Elliptic-curve Diffie-Hellman (ECDH) instead.)
5) ISC BIND 9 < 9.9.10-P2 / 9.9.10-S3 / 9.10.5-P2 / 9.10.5-S3 / 9.11.1-P2 Multiple Vulnerabilities (Upgrade ISC BIND version 9.9.10-P2 / 9.9.10-S3 / 9.10.5-P2 / 9.10.5-S3 / 9.11.1-P2 or later.)
6) Open MySQL database port (Disable public-facing access to your MySQL database)

Have a thorough look and if you think you can help me resolve each of these points then provide your fixed price quote.
Project ID: 20857230
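
An offline check for findings 4 and 6 in the list above, as an added example that is not part of the original posting. It assumes the weak-DH finding applies to sshd (the posting does not say which service); the function names and sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Each function reads config text on stdin.

# Item 6: classify bind-address in the [mysqld] section of a my.cnf-style file.
# "unset" means the server default applies (listen on all interfaces).
mysql_bind_status() {
    awk -F= '
        /^[ \t]*\[/ { sect = $0; gsub(/[ \t]/, "", sect) }
        sect == "[mysqld]" && $1 ~ /^[ \t]*bind[-_]address[ \t]*$/ {
            addr = $2; gsub(/[ \t]/, "", addr)
        }
        END {
            if (addr == "") print "unset"
            else if (addr == "127.0.0.1" || addr == "::1" || addr == "localhost") print "loopback"
            else print "public"
        }'
}

# Item 4 (assumption: the finding is on sshd): count DH groups under 2048 bits in
# moduli(5) format. Field 5 is the prime size; a 2048-bit prime is listed as 2047.
count_weak_moduli() {
    awk '!/^[ \t]*#/ && NF >= 7 && $5 < 2047 { n++ } END { print n + 0 }'
}

# Emit only comments and groups that meet the 2048-bit floor (candidate replacement file).
strong_moduli() {
    awk '/^[ \t]*#/ || (NF >= 7 && $5 >= 2047)'
}

# Constructed sample inputs (moduli values shortened, not real primes).
SAMPLE_MYCNF='[client]
port=3306
[mysqld]
# bind-address = 127.0.0.1
bind-address = 0.0.0.0
'
SAMPLE_MODULI='# Time Type Tests Tries Size Generator Modulus
20170101000000 2 6 100 1023 2 AAAA
20170101000001 2 6 100 1535 2 BBBB
20170101000002 2 6 100 2047 2 CCCC
20170101000003 2 6 100 4095 5 DDDD
'

printf '%s' "$SAMPLE_MYCNF"  | mysql_bind_status              # public
printf '%s' "$SAMPLE_MODULI" | count_weak_moduli              # 2
printf '%s' "$SAMPLE_MODULI" | strong_moduli | grep -vc '^#'  # 2
```

On a live host the same functions can be fed the real files, for example `count_weak_moduli < /etc/ssh/moduli`; a loopback bind-address does not replace a firewall rule on the MySQL port.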

About the project

3 proposals
Remote project
Active 5 yrs ago

3 freelancers are bidding on average $103 AUD for this job
Hello,

Based on your information:
-- Item 6 is fairly easy, can be completed within minutes if you have root access over ssh to the server.
-- Items 1 and 5 are related and can be solved by upgrading the BIND package. At this point I need to check your CentOS version and to see if it has updated packages in its repository for the BIND package (above 9.9.X). If it does not contain them then I may manually add this package or try to disable banner vulnerabilities by disabling it. (Meanwhile, do you indeed use a DNS service on your server, or is it there because it's installed by default?)
-- Item 3 is an SSH banner issue and can be solved either by updating the package and/or removing banners from it.

For items 4 and 5 I need to check which apps are mentioned there - I mean, to solve the problem first we need to understand if those are reported for SSH or for Apache or for other services on your server - I think we can spot it out by examining your PCI scan report output.

I am honestly an expert level Linux admin, additionally holding CISA and CISSP certifications. So I know how to handle issues/security configurations on NIX boxes. I am reliable and hardworking. Please drop me a message to discuss the details, ping me whenever you are suitable.

Regards,
Pardus.
$60 AUD in 3 days
5.0 (272 reviews)
7.5
Hello, I can help you to get the PCI compliance on your CentOS server by fixing the reported issues. Let me know when we can start. Thanks
$166 AUD in 1 day
5.0 (289 reviews)
6.6

About the client

PARRAMATTA, Australia
5.0
81
Payment method verified
Member since Jun 25, 2015

Freelancer ® is a registered Trademark of Freelancer Technology Pty Limited (ACN 142 189 759)
Copyright © 2024 Freelancer Technology Pty Limited (ACN 142 189 759)