Your suggestion for understanding and solve problem with vulnerabilities

Support for security such as Firewalls and securing linux
Post Reply
kajafarov
Posts: 6
Joined: 2021/11/16 10:19:09

Your suggestion for understanding and solve problem with vulnerabilities

Post by kajafarov » 2021/11/24 05:47:00

Hi,


As i understood Centos does not support Security Metadata. ok
I have Qualys application which show Vulnerabilities in my current Cento7, which updated, but still show vulnerabilities.

information about status of update my system.
[root@centostemp user]# yum update
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.yer.az
* extras: mirror.yer.az
* updates: mirror.yer.az
No packages marked for update

---------------------------------------------------
Example of vulnerabilities
https://lists.centos.org/pipermail/cent ... 48398.html


My current kernel is Linux 3.10.0-1160.45.1.el7.x86_64 x86_64

My Kernel lists by RPM
[root@centostemp user ]# rpm -qa | grep kernel
kernel-tools-libs-3.10.0-1160.45.1.el7.x86_64
abrt-addon-kerneloops-2.1.11-60.el7.centos.x86_64
kernel-3.10.0-1160.45.1.el7.x86_64
kernel-tools-3.10.0-1160.45.1.el7.x86_64
kernel-headers-3.10.0-1160.45.1.el7.x86_64
------------------------------------------------------------------------------------------------

Can i use this command for resolve problem by advisory number (p.s Qualys app show advisory numbers)? yum update --advisory=CESA-2021:2314

Please i need your suggestions.

Thank you.

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Your suggestion for understanding and solve problem with vulnerabilities

Post by jlehtone » 2021/11/24 07:55:30

kajafarov wrote:
2021/11/24 05:47:00
As i understood Centos does not support Security Metadata. ok
...
Can i use this command for resolve problem by advisory number (p.s Qualys app show advisory numbers)? yum update --advisory=CESA-2021:2314
No. There is no Security Metadata in CentOS repositories. That means that there is no data about "advisories" in CentOS repositories.


https://access.redhat.com/errata/RHSA-2021:2314 shows that Red Hat did release kernel-3.10.0-1160.31.1.el7 for RHEL 7 in June 2021.
You have already kernel-3.10.0-1160.45.1.el7, which is a successor of 3.10.0-1160.31.1.
You should therefore have the 2021:2314 fixed as well as RH deems it necessary to fix.

Ask yourself: How does "Qualys app" verify that target has a vulnerability?

kajafarov
Posts: 6
Joined: 2021/11/16 10:19:09

Re: Your suggestion for understanding and solve problem with vulnerabilities

Post by kajafarov » 2021/11/24 08:12:29

Thank you for quick response. İ try open case in qualys.

Can you give some manual for solve CVE and security patching ?

Thank you.

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Your suggestion for understanding and solve problem with vulnerabilities

Post by TrevorH » 2021/11/24 10:20:11

yum update
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

kajafarov
Posts: 6
Joined: 2021/11/16 10:19:09

Re: Your suggestion for understanding and solve problem with vulnerabilities

Post by kajafarov » 2021/11/24 10:30:50

Hi.

Now i faced with trouble after update, by information from DevopsEng after update kub-node not started.

Thank you.

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Your suggestion for understanding and solve problem with vulnerabilities

Post by jlehtone » 2021/11/24 10:41:51

kajafarov wrote:
2021/11/24 10:30:50
... after update kub-node not started.
What is "kub-node"?

Is it a service? If yes, what is its status (usually seen with "systemctl status servicename")?
Does in write logs? Do they (or "sudo journalctl -xe") show what errors prevent the start?

Post Reply