1. Diffie-Hellman Key Agreement Protocol resource management error vulnerability (CVE-2002-20001)
vim /etc/ssh/sshd_config
Add the following configuration to the file:
KexAlgorithms -diffie-hellman-group1-sha1,diffie-hellman-group1-sha256,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha256,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha512
Restart the ssh service:
nohup systemctl restart sshd
2. Set-Cookie is not configured with the Secure, HttpOnly, and SameSite attributes
Fix for nginx
Add to nginx.conf:
proxy_cookie_path / "/; httponly;secure;SameSite=Lax";
Fix for Apache
Add to httpd.conf:
Header always edit* Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
Header always edit* Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; secure"
Header always edit* Set-Cookie "(?i)^((?:(?!;\s?SameSite).)+)$" "$1; SameSite=Lax"
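To confirm the cookie fix from item 2 took effect, the following added example (not part of the original notes) reads raw HTTP response headers on stdin and lists every cookie that still lacks Secure, HttpOnly or SameSite. The function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Set-Cookie headers for the three attributes from item 2.
# Input : raw HTTP response headers on stdin.
# Output: one line per offending cookie, "<name>: missing <attrs>".
# Status: 0 if every cookie carries all three attributes, 1 otherwise.
check_cookie_attrs() {
    awk '
    BEGIN { bad = 0 }
    {
        sub(/\r$/, "")                        # headers arrive with CRLF endings
        if (tolower(substr($0, 1, 11)) != "set-cookie:") next
        value = substr($0, 12)
        sub(/^[ \t]+/, "", value)
        n = split(value, parts, ";")          # parts[1] is name=value, rest are attributes
        name = parts[1]; sub(/=.*/, "", name)
        secure = 0; httponly = 0; samesite = 0
        for (i = 2; i <= n; i++) {
            attr = tolower(parts[i])          # attribute names are case-insensitive
            gsub(/^[ \t]+|[ \t]+$/, "", attr)
            if (attr == "secure") secure = 1
            else if (attr == "httponly") httponly = 1
            else if (attr ~ /^samesite=/) samesite = 1
        }
        missing = ""
        if (!secure)   missing = missing " Secure"
        if (!httponly) missing = missing " HttpOnly"
        if (!samesite) missing = missing " SameSite"
        if (missing != "") { print name ": missing" missing; bad = 1 }
    }
    END { exit bad }
    '
}

# Constructed sample response: two incomplete cookies and one complete cookie.
sample_headers() {
    printf 'HTTP/1.1 200 OK\r\n'
    printf 'Set-Cookie: JSESSIONID=abc123; Path=/; HttpOnly\r\n'
    printf 'set-cookie: lang=en; Path=/; Secure; HttpOnly; SameSite=Lax\r\n'
    printf 'Set-Cookie: theme=dark\r\n'
    printf '\r\n'
}

# Demo run on the constructed sample (|| true: findings are expected here).
sample_headers | check_cookie_attrs || true
```

Against a live site, pipe the response headers fetched with curl -sI into check_cookie_attrs and check its exit status after reloading nginx or Apache.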