[CentOS] Centos security update

Fri Apr 24 12:53:42 UTC 2015
Eero Volotinen <eero.volotinen at iki.fi>

2015-04-24 15:31 GMT+03:00 Jim Perrin <jperrin at centos.org>:

>
>
> On 04/24/2015 04:21 AM, Venkateswara Rao Dokku wrote:
> > Hi,
> >
> > I was using CentOS 7 and when I ran some custom commercial security scan
> on
> > my machine, I found about 122 vulnerabilities.
> >
> > Can you help me on how to get security upgrades on top of my existing
> > CentOS?
>
> The short answer: 'yum update'
>
> The long answer: nearly all commercial scanners test via version number,
> not actual vulnerabilities. You can take the list of 'vulnerable'
> packages and the related CVEs and 'rpm -q <package> --changelog | grep
> -i cve' to see that it's been addressed.
>

Usually security scanners like nessus, openvas .. detect os
misconfigurations like weak ciphers and some basic os misconfigurations

"easy" way to get PASS result is usually just turn off version numbers from
services and disable weak ciphers like sslv3, sslv2 and so on...

--
Eero