From within SC there is an option to disable offline authentication under Setup > System Settings > Under Authentication Settings > Agents.
The help page says this:
If your RSA Authentication Manager deployment does not use offline authentication, then you might want to prevent security scans from finding that the default offline authentication port 5580/TCP is enabled and listening. Click the Disable Offline Authentication Port checkbox to disable this port.
Even after checking this option to disable offline authentication,
- I still see openssl respond on port 5580
- Netstat still lists the port 5580 as listening
Can I get more insights around this?
It works as the page says:
Important: Changing these settings will require:
--------------------------------------------------------------------------------
before the change, iptables rule:
-A rsaserv-aps -p tcp -m tcp --dport 5580 -j ACCEPT
after the change and manual restart, this rule is removed
NOTE: 5580 will still be listening but iptables is blocking
tcp 0 0 :::5580 :::* LISTEN
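
The distinction in the answer above (socket still bound, firewall no longer accepting) can be checked by reading the netstat and iptables output together. This is an added example, not part of the original thread or RSA's tooling; the function names and sample inputs are constructed, and it assumes, as the answer states, that traffic without a matching ACCEPT rule is blocked.

```shell
#!/bin/sh
# Constructed sample inputs, modelled on the rule and netstat line quoted above.
RULES_BEFORE='-A rsaserv-aps -p tcp -m tcp --dport 5580 -j ACCEPT'
RULES_AFTER='-A rsaserv-aps -p tcp -m tcp --dport 22 -j ACCEPT'
NETSTAT='tcp 0 0 :::5580 :::* LISTEN'

# is_listening PORT NETSTAT_TEXT -> exit 0 if a LISTEN socket is bound to PORT.
# Splits the local address on ":" so both 0.0.0.0:5580 and :::5580 match.
is_listening() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $6 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit !found }'
}

# has_accept_rule PORT RULES_TEXT -> exit 0 if an ACCEPT rule names --dport PORT.
# Only single-port --dport rules like the one quoted are recognised
# (port ranges and multiport matches are not parsed).
has_accept_rule() {
    printf '%s\n' "$2" | awk -v p="$1" '
        /^-A / {
            dport = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (dport == p && target == "ACCEPT") found = 1
        }
        END { exit !found }'
}

# port_state PORT NETSTAT_TEXT RULES_TEXT -> prints one of:
#   closed, listening-allowed, listening-filtered
port_state() {
    if ! is_listening "$1" "$2"; then
        echo closed
    elif has_accept_rule "$1" "$3"; then
        echo listening-allowed
    else
        echo listening-filtered
    fi
}

port_state 5580 "$NETSTAT" "$RULES_BEFORE"   # state before the change
port_state 5580 "$NETSTAT" "$RULES_AFTER"    # state after change and restart
```

On a live system the second and third arguments would be the output of `netstat -ltn` and `iptables -S`.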