Question

2

Enabling TCP MD5 signatures in 12.04?

rated 0 times [ 2] [ 0] / answers: 1 / hits: 1896 / 2 Years ago, wed, october 5, 2022, 3:30:56

After running a NeXpose scan of one of my servers, I'm getting notice that TCP MD5 signatures may not be enabled. I've looked all over the net and from what I can see this feature should be enabled in the most recent kernels, but I still cannot figure out a way to confirm. Any help would be greatly appreciated.

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

landarre

Add To Favorites

Follow

Total Points: 254

Total Questions: 96

Total Answers: 109

Location: Burundi

Member since Sun, Apr 16, 2023

1 Year ago

answered 2 Years ago ligenvirt · Accepted Answer

Run this from terminal:

grep MD5SIG /boot/config-`uname -r`

if you see this:

CONFIG_TCP_MD5SIG=y

Then TCP MD5 signatures are compiled in kernel, so your OS is able to use them (in such case, you have false positive from scanner).

Depending on what scanner was actually reporting, please note that for every TCP connection, MD5 signatures needs to be explicitly enabled by calling setsockopt.