Problem:
If you are no longer running any 5.8.x Connector ID Keys or 5.8.x Network Station appliances, you can drop traffic to the legacy TCP ports 5501 and 5502 on the internal firewall. This reduces the attack surface of the Stratusphere HUB and resolves any items that security scans flag for ciphers or certificates on these ports.
Possible resolution:
Connect over SSH using PuTTY or another tool that lets you copy and paste.
SSH to the HUB as friend/sspassword (if defaults are in use).
Execute the following to update the local firewall:
sudo bash (same sspassword when prompted, if default)
sed -i 's/5501.*ACCEPT/5501 -m state --state NEW,RELATED,ESTABLISHED -j DROP/; s/5502.*ACCEPT/5502 -m state --state NEW,RELATED,ESTABLISHED -j DROP/' /etc/sysconfig/iptables
Execute the following to restart the firewall (version 6.0.x-6.5.0):
/etc/init.d/iptables restart
Or, restart the firewall (version 6.5.1+):
systemctl restart iptables
Confirm that a DROP line is present for ports 5501 and 5502:
iptables -nL | grep '5501\|5502'
Press CTRL+D twice to log off.
You can now confirm that the legacy TCP ports 5501 and 5502 have been disabled using a tool of your choosing, e.g., telnet <hubAddress> 5501
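A pre-check you can run before the sed -i step above, shown as an added example (not vendor code): it applies the same two substitutions to a copy of the rules file and reports whether only the --dport 5501/5502 ACCEPT rules would change. The function names, the sample rules and the return codes are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. Function names are hypothetical.

# The article's two substitutions, unchanged.
SED_EXPR='s/5501.*ACCEPT/5501 -m state --state NEW,RELATED,ESTABLISHED -j DROP/; s/5502.*ACCEPT/5502 -m state --state NEW,RELATED,ESTABLISHED -j DROP/'

# Constructed sample standing in for /etc/sysconfig/iptables (not copied from a HUB).
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5501 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5502 -j ACCEPT
COMMIT
EOF
}

# preview_legacy_port_drop RULES_FILE
# Writes the edited rules to RULES_FILE.new (RULES_FILE itself is not modified),
# prints a unified diff, and returns:
#   0  only --dport 5501/5502 ACCEPT rules changed, and none of them remain
#   1  nothing changed (already applied, or the rules are written differently)
#   2  some other line was rewritten, or a 5501/5502 ACCEPT rule is still present
preview_legacy_port_drop() {
    local src="$1" new="$1.new" changed stray left
    sed "$SED_EXPR" "$src" > "$new" || return 2
    diff -u "$src" "$new" || true
    # Lines of the original that the edit rewrote.
    changed=$(diff "$src" "$new" | grep -c '^< ' || true)
    # Rewritten lines that are not a --dport 5501 or --dport 5502 rule.
    stray=$(diff "$src" "$new" | grep '^< ' | grep -Evc -- '--dport 550[12] ' || true)
    # ACCEPT rules for the legacy ports that survived the edit.
    left=$(grep -Ec -- '--dport 550[12] .*-j ACCEPT' "$new" || true)
    [ "$changed" -gt 0 ] || return 1
    [ "$stray" -eq 0 ] && [ "$left" -eq 0 ] || return 2
    return 0
}
```

Run preview_legacy_port_drop against a copy of /etc/sysconfig/iptables and continue with the sed -i step only when it returns 0. A return of 2 means the loose 5501.*ACCEPT pattern matched a line that is not a rule for these two ports, so review the printed diff first.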
Product: Stratusphere FIT/UX
Product Version: 6..x
Expires on: 365 days from publish date
Updated: March 28, 2023