Tag: 4338

Categories
Knowledge Support Support exacqVision Server Categories Products

Removing Unused LSI MegaRAID Storage Management Software on Ubuntu Linux to Eliminate Open Port 3071 Vulnerability

Symptom:

Vulnerability scans may detect and indicate that port 3071 is Open/Listening because of the installed LSI MegaRAID Storage Management software (LSI MSM) on an Ubuntu Linux server that does not have hardware support for RAID configuration. IF IT IS NOT BEING USED, the software may be removed to eliminate this vulnerability.

The following Ubuntu Linux commands may be used to confirm this condition.

admin@ER1234567890:~$sudo netstat –lntup

Display excerpt…

Active Internet connections (only servers)
Proto Recv-Q      Send-Q      Local Address     Foreign Address   State PID/Program name
Tcp   0     0     0.0.0.0:3071      0.0.0.0:*         LISTEN      1311/java
Udp   0     0     0.0.0.0:3071      0.0.0.0:*               1595/java

OR

admin@ER1234567890:~$ sudo lsof -i -P -n

Display excerpt…

COMMAND     PID   USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
java       1595   root   20u  IPv4   11857      0t0  UDP *:3071
java       1595   root   24u  IPv4   12538      0t0  TCP *:3071 (LISTEN)

Requirement(s):

Physical or remote access to the exacqVision Server with a “full admin” role.

Resolution:

NOTE: For the purposes of the following instructions. Left-click is defined as and will be used to “select an item” and Right-click is defined as and used to “display additional options that apply to the item.” This is typical of a mouse configured for a “right-handed” operator.

Figure 1. The Ubuntu exacqVision Desktop displays the LSI MSM icon.

A variant of the previously mentioned netstat terminal command provides a concise way to check.

admin@ER1234567890:~$ sudo netstat –lntup | grep –i 3701

  • Left-click on “Applications” on the top menu of the Desktop.
  • Left-click on “System Tools” from the dropdown menu.
  • Left-click on “Terminal” from the following menu.

Figure 2. Using Terminal to check for port 3071 in LISTEN mode.

Figure 3. Steps 1-3.

  1. Left-click on “Applications” on the top menu of the Desktop.
  2. Left-click on “System Tools” from the dropdown menu.
  3. Left-click on “Smart Package Manager” from the following menu.

Figure 4. Steps 4-6.

  1. Left-click in the search box (with the magnifying glass) and type “megaraid” and the “Package list” should be reduced to just the “megaraid-storage-manager.”
  2. Left-click on the “megaraid-storage-manager” line item
  3. Left-click on the “Remove” selection.

Figure 5. Steps 7-10.

  1. Left-click on “File” from the pull-down menu.
  2. Left-click on the “Execute Changes…” from the following menu.
  3. Left-click on the “OK” button.
  4. Wait for the “Operation Progress” popup window to appear and indicate “100%”.  Close the “Smart Package Manager.

Figure 6. Use Terminal to verify the port is no longer open.

admin@ER1234567890:~$ sudo netstat –lntup | grep –i 3701

A blank reply means that it is no longer active.

Figure 7. Steps 11 & 12.

  1. Right-click on “LSI MSM” icon on the Desktop.
  2. Left-click on “Delete” from the popup window.
  3. Done.