Hi @all, I have a rather large ISPconfig 3 production cluster spread around Europe and I'm in the middle of migrating some sensitive sites that handle sensitive data and I'd like to know if there's some compliance documentation either in the forum or some suggested link I can follow to pass Comodo security and SecureMetric assessments. Thanks.
As far as I know, there is no compliance documentation available. Which kind of tests is Comodo doing?
Thanks Till for your response. I guessed that there were no docs. They run a quite thorough test suite, things like OpenSSL security vulnerabilities; we failed a bunch of those tests on one of our shared hosting in the Netherlands. E.g.:
Code:
OpenSSH < 4.9 'ForceCommand' Directive Bypass ssh (4000/tcp) CVE-2008-1657
CGI Generic Path Traversal (write test) www (80/tcp) High 7.5 Fail
HTTP TRACE / TRACK Methods Allowed www (443/tcp) CVE-2003-1567, CVE-2004-2320, CVE-2010-0386
And a very comprehensive list that's not worth kludging the thread with. This is why I wanted to find some guidelines to assess the matter. Thanks anyways.
@MaxxNevis this spring I tested almost all freebies from cPanel, and one is a free PCI compliance scan from McAfee for cPanel users... I do not know if that test is as complex as the Comodo one; it's for Level 2-4 merchants. applications.cpanel.net/free-pci-compliance-scans-by-mcafee-secure/ I simply do all recommendations in cPanel for Apache (hide server, hide PHP), adjust other service ciphers to not have low on all services where I found PCI compliance mentioned, add a CSF firewall (because they verify whether you block port scanning), I think on medium, SSH was with key only (CentOS 6), and pass it (if you have a cPanel server on hand you can check it), and then replicate to ISPConfig.
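Added example, not part of any post in this thread: a small Python pre-scan check for the settings mentioned above (TRACE disabled, server and PHP banners hidden, SSH key-only login), run over constructed sample config text. The `CHECKS` table, function names and sample configs are assumptions made for illustration; it reads flat config text only and ignores includes, virtual hosts and `Match` blocks.

```python
import re

# (config kind, directive, accepted values, built-in default, which occurrence wins)
CHECKS = [
    ("apache", "TraceEnable", {"off"}, "on", "last"),            # HTTP TRACE / TRACK finding
    ("apache", "ServerTokens", {"prod", "productonly"}, "full", "last"),  # "hide server"
    ("apache", "ServerSignature", {"off"}, "off", "last"),
    ("php", "expose_php", {"off", "0", "false", "no"}, "on", "last"),     # "hide php"
    ("sshd", "PasswordAuthentication", {"no"}, "yes", "first"),  # SSH with key only
]

def effective(text, directive, default, wins):
    """Effective lowercase value of a directive; commented-out lines are ignored."""
    pat = re.compile(rf"^[ \t]*{re.escape(directive)}[ \t=]+(\S+)", re.I | re.M)
    values = pat.findall(text)
    if not values:
        return default  # directive absent: the daemon's built-in default applies
    chosen = values[0] if wins == "first" else values[-1]
    return chosen.strip('"').lower()

def audit(configs):
    """Return one finding per directive whose effective value a scan would flag."""
    findings = []
    for kind, directive, accepted, default, wins in CHECKS:
        value = effective(configs.get(kind, ""), directive, default, wins)
        if value not in accepted:
            findings.append(f"{kind}: {directive} is '{value}'")
    return findings

# Constructed sample input: a weak setup and its hardened counterpart.
WEAK = {
    "apache": "ServerTokens OS\n# TraceEnable Off\n",
    "php": "expose_php = On\n",
    # sshd_config uses the first value it reads, so the later 'no' has no effect
    "sshd": "PasswordAuthentication yes\nPasswordAuthentication no\n",
}
HARDENED = {
    "apache": "ServerTokens Prod\nServerSignature Off\nTraceEnable Off\n",
    "php": "expose_php = Off\n",
    "sshd": "PasswordAuthentication no\n",
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```
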