2015-04-24 15:31 GMT+03:00 Jim Perrin <jperrin at centos.org>:

>
>
> On 04/24/2015 04:21 AM, Venkateswara Rao Dokku wrote:
> > Hi,
> >
> > I was using CentOS 7 and when I ran some custom commercial security scan on
> > my machine, I found about 122 vulnerabilities.
> >
> > Can you help me on how to get security upgrades on top of my existing
> > CentOS?
>
> The short answer: 'yum update'
>
> The long answer: nearly all commercial scanners test via version number,
> not actual vulnerabilities. You can take the list of 'vulnerable'
> packages and the related CVEs and 'rpm -q <package> --changelog | grep
> -i cve' to see that it's been addressed.
>

Usually security scanners like Nessus, OpenVAS ... detect OS misconfigurations like weak ciphers and some basic OS misconfigurations.

The "easy" way to get a PASS result is usually to just turn off version numbers from services and disable weak ciphers like SSLv3, SSLv2 and so on...

--
Eero
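
The changelog check Jim Perrin describes in the quoted reply, looped over a scanner's list of findings, as an added example that is not part of the original thread. `CHANGELOG_CMD`, `sample_changelog`, the `examplepkg` package and the CVE ids are constructed for illustration; only `rpm -q <package> --changelog` comes from the thread.

```shell
#!/bin/sh
# Added example: check scanner findings against RPM changelogs.
# stdin: one finding per line, "<package> <CVE-id>".

# Constructed stand-in for rpm, used only for offline runs.
sample_changelog() {
    case "$1" in
        examplepkg) cat <<'EOF'
* Tue Mar 03 2015 Packager <packager@example.com> - 1.0-42
- fix CVE-2099-0001 (constructed entry)
- fix CVE-2099-00020 (constructed entry)
EOF
            ;;
        *) echo "package $1 is not installed"; return 1 ;;
    esac
}

# CHANGELOG_CMD is a hypothetical override hook; unset, the command
# quoted in the thread is run against the installed package.
get_changelog() {
    if [ -n "${CHANGELOG_CMD:-}" ]; then
        "$CHANGELOG_CMD" "$1"
    else
        rpm -q "$1" --changelog
    fi
}

# Verdicts: ADDRESSED (id is in the changelog), NOT-FOUND (changelog
# readable, id absent: review by hand), NOT-INSTALLED (query failed).
triage_findings() {
    while read -r pkg cve; do
        [ -n "$pkg" ] && [ -n "$cve" ] || continue
        if ! log=$(get_changelog "$pkg" 2>/dev/null); then
            echo "NOT-INSTALLED $pkg $cve"
        # -w: CVE-2099-0002 must not match CVE-2099-00020; -F: literal id
        elif printf '%s\n' "$log" | grep -qiwF -- "$cve"; then
            echo "ADDRESSED $pkg $cve"
        else
            echo "NOT-FOUND $pkg $cve"
        fi
    done
}

# Offline demo: sh triage.sh --demo
if [ "${1:-}" = "--demo" ]; then
    CHANGELOG_CMD=sample_changelog
    printf 'examplepkg CVE-2099-0001\nexamplepkg CVE-2099-0002\n' | triage_findings
fi
```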