We are getting failed scans on ssh for port 8601 on the Data Collector (DC) in DX NetOps Performance Management.
We are getting failed scans on ssh for port 8501 on the Data Aggregator (DA) in DX NetOps Performance Management.
All supported DX NetOps Performance Management releases
Security is reporting that there is a vulnerability on port 8501 on the DC and port 8601 on the DA.
By default karaf used by both servers uses ssh arcfour256.
The Data Collector and Data Aggregators install the high encryption pack, so now aes256 is available as an encryption method.
To enable it edit the org.apache.karaf.shell.cfg file on both DA and DC. Using default paths they'd be found in:
In the file add the following line:
Restart all services on both systems. To do so for standalone DA environments:
In a Fault Tolerant Data Aggregator environment:
This change will need to be made after each upgrade of the product.
This file is backed up to */backup/apache-karaf/etc before we lay down a new version. But we don't restore the file.