Lab: Managing Security and Risk

Identify all security notices that relate to a RHEL system, assess the severity of the notices, and update the system to eliminate any Moderate security issues.

Outcomes

  • Identify all Critical, Important, and Moderate security notices.

  • Update the system to eliminate potential Moderate security vulnerabilities.

As the student user on the workstation machine, use the lab command to prepare your environment for this exercise, and to ensure that all required resources are available.

[student@workstation ~]$ lab start securityrisk-review

Instructions

  1. Identify all Critical, Important, and Moderate security updates on the serverb machine.

    1. Log in to the serverb machine as the student user.

      [student@workstation ~]$ ssh student@serverb
      [student@serverb ~]$
    2. Change to the root user. Use student as the password.

      [student@serverb ~]$ sudo -i
      [sudo] password for student: student
      [root@serverb ~]#
    3. List the summary of the security updates. Among the 16 total security notices, eight are Important and eight are Moderate. The total number of security notices might be different on your system.

      [root@serverb ~]# dnf updateinfo --security
      ...output omitted...
      Updates Information Summary: available
          16 Security notice(s)
               8 Important Security notice(s)
               8 Moderate Security notice(s)
  2. List the security-related packages that are available to update.

    [root@serverb ~]# dnf updateinfo list updates security
    ...output omitted...
    RHSA-2023:4354 Moderate/Sec.  curl-7.76.1-23.el9_2.2.x86_64
    ...output omitted...
    RHSA-2023:4354 Moderate/Sec.  libcurl-7.76.1-23.el9_2.2.x86_64
    ...output omitted...
  3. List the RHSAs with a Moderate severity rating.

    [root@serverb ~]# dnf updateinfo list updates security | grep Moderate
    RHSA-2023:4354 Moderate/Sec.  curl-7.76.1-23.el9_2.2.x86_64
    ...output omitted...
    RHSA-2023:4354 Moderate/Sec.  libcurl-7.76.1-23.el9_2.2.x86_64
    ...output omitted...
  4. View the details of the RHSA-2023:4354 advisory to validate its content.

    [root@serverb ~]# dnf updateinfo info RHSA-2023:4354
    ...output omitted...
    ===============================================================================
      Moderate: curl security update
    ===============================================================================
      Update ID: RHSA-2023:4354
           Type: security
        Updated: 2023-08-01 03:58:15
           Bugs: 2196786 - CVE-2023-28321 curl: IDN wildcard match may lead to Improper Cerificate Validation
               : 2196793 - CVE-2023-28322 curl: more POST-after-PUT confusion
           CVEs: CVE-2023-28321
               : CVE-2023-28322
    Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
               :
               : Security Fix(es):
               :
               : * curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)
               :
               : * curl: more POST-after-PUT confusion (CVE-2023-28322)
               :
               : For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
       Severity: Moderate
  5. Use DNF and the RHSA ID to update the system with the necessary packages that provide the security fixes.

    [root@serverb ~]# dnf update --advisory RHSA-2023:4354
    ...output omitted...
    Dependencies resolved.
    ================================================================================
     Package
          Arch   Version           Repository                                  Size
    ================================================================================
    Upgrading:
     curl x86_64 7.76.1-23.el9_2.2 rhel-9.2-for-x86_64-baseos-additional-rpms 298 k
     libcurl
          x86_64 7.76.1-23.el9_2.2 rhel-9.2-for-x86_64-baseos-additional-rpms 286 k
    
    Transaction Summary
    ================================================================================
    Upgrade  2 Packages
    
    ...output omitted...
    Is this ok [y/N]: y
    ...output omitted...
    Upgraded:
      curl-7.76.1-23.el9_2.2.x86_64         libcurl-7.76.1-23.el9_2.2.x86_64
    
    Complete!
  6. List the summary of the security updates again to confirm that the number of notices is reduced for Moderate severity.

    [root@serverb ~]# dnf updateinfo --security
    ...output omitted...
    Updates Information Summary: available
        15 Security notice(s)
             8 Important Security notice(s)
             7 Moderate Security notice(s)
  7. Return to the workstation machine as the student user.

    [root@serverb ~]# logout
    [student@serverb ~]$ logout
    Connection to serverb closed.
    [student@workstation ~]$
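
The list in steps 2 and 3 prints one line per package, while the summary in steps 1 and 6 counts notices, which is why upgrading two packages lowered the Moderate count by one. The following script is an added example, not part of the original lab: it reduces the list output to unique advisory IDs for a severity and prints the matching dnf update --advisory commands without running them. The sample input is constructed from the lab output; RHSA-0000:0001, example-pkg, and the metadata line are placeholders.

```bash
#!/bin/sh
# Added example: summarise `dnf updateinfo list updates security` output.
# SAMPLE is constructed. Only the two RHSA-2023:4354 lines come from the lab;
# RHSA-0000:0001 / example-pkg and the metadata line are placeholders.
SAMPLE='Last metadata expiration check: 0:10:00 ago (placeholder line)
RHSA-2023:4354 Moderate/Sec.  curl-7.76.1-23.el9_2.2.x86_64
RHSA-2023:4354 Moderate/Sec.  libcurl-7.76.1-23.el9_2.2.x86_64
RHSA-0000:0001 Important/Sec. example-pkg-1.0-1.el9.x86_64'

# advisories_for SEVERITY
# Reads list output on stdin and prints each advisory ID of that severity
# once, however many packages it covers. The exact match on field 2 also
# drops banner lines that a plain `grep Moderate` could let through.
advisories_for() {
    awk -v sev="$1/Sec." '$2 == sev && !seen[$1]++ { print $1 }'
}

# packages_for ADVISORY
# Reads list output on stdin and prints the packages fixed by that advisory.
packages_for() {
    awk -v id="$1" '$1 == id { print $3 }'
}

# plan_updates SEVERITY
# Prints (does not run) one update command per advisory of that severity,
# so the plan can be reviewed before anything is changed.
plan_updates() {
    advisories_for "$1" | while read -r id; do
        printf 'dnf update --advisory %s\n' "$id"
    done
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | plan_updates Moderate
```

On a live system, pipe the real command into the function instead of the sample: dnf updateinfo list updates security | plan_updates Moderate.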

Evaluation

As the student user on the workstation machine, use the lab command to grade your work. Correct any reported failures and rerun the command until successful.

[student@workstation ~]$ lab grade securityrisk-review

Finish

As the student user on the workstation machine, use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish securityrisk-review

Revision: rh415-9.2-a821299