[CentOS] Centos security update
Eero Volotinen
eero.volotinen at iki.fi
Fri Apr 24 12:53:42 UTC 2015
2015-04-24 15:31 GMT+03:00 Jim Perrin <jperrin at centos.org>:
>
>
> On 04/24/2015 04:21 AM, Venkateswara Rao Dokku wrote:
> > Hi,
> >
> > I was using CentOS 7 and when I ran some custom commercial security scan
> on
> > my machine, I found about 122 vulnerabilities.
> >
> > Can you help me on how to get security upgrades on top of my existing
> > CentOS?
>
> The short answer: 'yum update'
>
> The long answer: nearly all commercial scanners test via version number,
> not actual vulnerabilities. You can take the list of 'vulnerable'
> packages and the related CVEs and 'rpm -q <package> --changelog | grep
> -i cve' to see that it's been addressed.
>
Usually security scanners like nessus, openvas .. detect os
misconfigurations like weak ciphers and some basic os misconfigurations
"easy" way to get PASS result is usually just turn off version numbers from
services and disable weak ciphers like sslv3, sslv2 and so on...
--
Eero
More information about the CentOS
mailing list