*#NetScaler CLI Snippet thread for #CVE201919781 compromised boxes*
SingleNode must be completely restored from the backup.
For HA-Pair you can failover to a secondary box that is not compromised. However, make sure that the CVE responder is installed.
#NetScalerRocks
(1/5)
SingleNode must be completely restored from the backup.
For HA-Pair you can failover to a secondary box that is not compromised. However, make sure that the CVE responder is installed.
#NetScalerRocks
(1/5)
You must change all local system user passwords:
[CLI]
set system user nsroot –password [New Password]
[2/5)
[CLI]
set system user nsroot –password [New Password]
[2/5)
You must change all used services user passwords (e.g. for LDAP Bind):
[CLI]
set authentication ldapAction [ActionName] –ldapBindDnPassword [New Password]
[3/5)
[CLI]
set authentication ldapAction [ActionName] –ldapBindDnPassword [New Password]
[3/5)
You must force all users to change their password on next logon (LDAPS is required):
[CLI]
set authentication ldapAction [ActionName] -PasswdChange ENABLED
[4/5)
[CLI]
set authentication ldapAction [ActionName] -PasswdChange ENABLED
[4/5)
You must revoke and re-create all SSL Certificates:
[CLI]
add ssl certKey [CertName] -cert [CertFile] -key [KeyFile] -password [New Passphrase]
bind ssl vserver [VServerName] -certkeyName [CertName]
[5/5)
[CLI]
add ssl certKey [CertName] -cert [CertFile] -key [KeyFile] -password [New Passphrase]
bind ssl vserver [VServerName] -certkeyName [CertName]
[5/5)
@threadreaderapp unroll
