Re: Centos security update




2015-04-24 15:31 GMT+03:00 Jim Perrin <jperrin@xxxxxxxxxx>:

>
>
> On 04/24/2015 04:21 AM, Venkateswara Rao Dokku wrote:
> > Hi,
> >
> > I was using CentOS 7 and when I ran some custom commercial security scan on
> > my machine, I found about 122 vulnerabilities.
> >
> > Can you help me on how to get security upgrades on top of my existing
> > CentOS?
>
> The short answer: 'yum update'
>
> The long answer: nearly all commercial scanners test via version number,
> not actual vulnerabilities. You can take the list of 'vulnerable'
> packages and the related CVEs and 'rpm -q <package> --changelog | grep
> -i cve' to see that it's been addressed.
>

Usually security scanners like Nessus, OpenVAS... detect OS
misconfigurations like weak ciphers and some basic OS misconfigurations.

The "easy" way to get a PASS result is usually just to turn off version numbers from
services and disable weak ciphers like SSLv3, SSLv2 and so on...

--
Eero
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
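
Added example, not part of the original thread: the changelog check quoted above ('rpm -q <package> --changelog | grep -i cve'), run over a whole list of scanner findings. The findings format (one "package CVE-ID" pair per line), the function names, and the sample package and CVE ids are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check scanner findings against RPM changelogs.
# Findings format is an assumption: one "package CVE-ID" pair per line.

# Succeeds if the changelog on stdin mentions the CVE id given as $1.
# -w keeps CVE-0000-0003 from matching inside CVE-0000-00031.
cve_in_changelog() {
    grep -qiwF -- "$1"
}

# Real changelog source: the rpm query from the thread.
rpm_changelog() {
    rpm -q "$1" --changelog
}

# Constructed stand-in for rpm (package name and CVE ids are made up).
sample_changelog() {
    [ "$1" = examplepkg ] || return 1
    cat <<'EOF'
* Thu Jan 01 2015 Example Packager <pkg@example.com> - 1.0-2
- backport fix for CVE-0000-0001
- backport fix for CVE-0000-00031
EOF
}

# Reads findings on stdin; $1 names the changelog command (default: rpm).
triage_findings() {
    changelog_cmd=${1:-rpm_changelog}
    while read -r pkg cve; do
        case $pkg in ''|'#'*) continue ;; esac
        if log=$("$changelog_cmd" "$pkg" </dev/null 2>/dev/null); then
            if printf '%s\n' "$log" | cve_in_changelog "$cve"; then
                echo "FIXED $pkg $cve"    # changelog mentions the CVE
            else
                echo "CHECK $pkg $cve"    # not mentioned: look closer
            fi
        else
            echo "ABSENT $pkg $cve"       # package is not installed
        fi
    done
}

# Demo on constructed findings; drop the argument to query rpm itself.
printf '%s\n' 'examplepkg CVE-0000-0001' 'examplepkg CVE-0000-0003' \
    'missingpkg CVE-0000-0001' | triage_findings sample_changelog
```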



