CentOS – Page 5 – WindowsTechs.com

How to scan a list of RPM files for publicly declared (CVE) vulnerabilities?

Posted on October 8, 2019 by bhorkarg

Couldn’t find a reliable tool to scan a list of CentOS or RHEL RPM files for vulnerabilities (e.g. list CVEs found for each file).

The goal is to scan the RPM files for vulnerabilities before they are installed (well, shipp… Continue reading How to scan a list of RPM files for publicly declared (CVE) vulnerabilities?→

This Week in Security: Patch Monday Mysteries, CentOS 8 and CentOS Stream, Russian Surveillance, and CSRF

Posted on September 27, 2019 by Jonathan Bennett

So first off this week is something of a mystery. Microsoft released an out-of-cycle patch for Internet Explorer. The exploitability assessment from Microsoft indicates that this bug is under active exploitation, but not many details are available. Let’s take a look at what information has been released, and see what …read more

Continue reading This Week in Security: Patch Monday Mysteries, CentOS 8 and CentOS Stream, Russian Surveillance, and CSRF→

Backdoor Found in Utility for Linux, Unix Servers

Posted on August 21, 2019 by Tom Spring

Backdoor was intentionally planted in 2018 and found during the DEF CON 2019 security conference when researchers stumbled upon malicious code. Continue reading Backdoor Found in Utility for Linux, Unix Servers→

Exposure of /etc/ssh, risks?

Posted on July 12, 2019 by unixadmin

I accidentally exposed the keys in /etc/ssh

What is the risk?

I think it will allow someone to impersonate the server and conduct MITM.

Will it let someone SSH into the server? I think not because they’re not the private k… Continue reading Exposure of /etc/ssh, risks?→

RHEL7 SSGv0.1 2.2.3 Unauthorized SUID/GUID executables

Posted on June 24, 2019 by Scottie H

We are upgrading to RHEL 7.6. My Nessus scanner is giving me the following message:
2.2.3.c-d Mandatory Review Required: Find unauthorized SUID/GUID System Executables
RHEL7 SSGv0.1 2.2.3 Unauthorized SUID/GUID executables
/u… Continue reading RHEL7 SSGv0.1 2.2.3 Unauthorized SUID/GUID executables→

Why is autofs insecure?

Posted on May 22, 2019 by Scottie H

I am hardening CentOS/RHEL 7.6. The hardening documents recommend disabling the automounter, “unless it is necessary.”
Why is autofs such a problem?
One of the benefits of networking is a shared file system. What other alternatives are the… Continue reading Why is autofs insecure?→

LUKS partition encryption vs. .vmdk level encryption

Posted on May 13, 2019 by blabla_trace

Because of data classification that is stored on one of our servers we need to make sure that it is protected while in transit and at rest. While the first can be addressed with proper TLS configuration I have some doubts abo… Continue reading LUKS partition encryption vs. .vmdk level encryption→

Putty not presenting private key to Linux server, or server not accepting it

Posted on May 3, 2019 by KidACrimson

I know this is probably very basic to a lot of you, but alas I am stuck. I have followed these instructions exactly to try and setup my private-public keys for SSH login to a shared Linux server (CentOS 7). My workstation (th… Continue reading Putty not presenting private key to Linux server, or server not accepting it→

Rationale for removing cronie-anacron

Posted on April 9, 2019 by Scottie H

My Nessus scanner reports that I need to remove cronie-anacron. What is the rationale for this?

Continue reading Rationale for removing cronie-anacron→

CentOS Update for bpftool CESA-2018:3651 centos7

Posted on March 1, 2019 by Kellep Charles

The remote host is missing an update for the ‘bpftool’ package(s) announced via the CESA-2018:3651 advisory. […] Continue reading CentOS Update for bpftool CESA-2018:3651 centos7→