Although I’m not surprised, it is interesting that the same big tech companies like Apple and Microsoft taking stances on being “environmentally conscious” while also ignoring forced obsoletion of old hardware.
That’s purely greenwashing marketing hype, with Apple being the worst offender. Now Microsoft seems to be following in their footsteps, although they’re still better in this regard than Apple.
Just read this book:
Final update on this issue. I found out about the "rpm -q --whatrequires " command and used that to navigate the dependency chain for the modules in question. I was able to determine that those modules were ultimately not being used for anything. Once I confirmed that, I removed the modules. So far so good. It didn’t cause any issues to the services on that server. I will find out if it resolved the vulnerability that had been flagged by the security scanner next time it runs, probably at the end of the month.
Awesome, thanks for your answers! I’m considering switching mostly to linux on the desktop at home and one of the sticking points for me has been finding a good video editor. This is very helpful in that regard.
Interesting! I have some questions:
Thanks!
I checked, and the versions of those modules that are currently installed are way behind what’s provided in the listed Red Hat patch, so it does seem that the updates for this just haven’t been installed. I will try to double-check with Red Hat support to be sure that enabling the Ceph repository is the correct course of action to take. Thank you once again for your help.
Oh, I was not aware of this. This is very useful! I will check it out and post an update later. Thank you!
No problem, thanks for the suggestions!
You might want to check the errata for the packages your scanning tools complained about. Rhel will keep stable versions at the same release version, but backport security fixes in.
Thanks. I had verified that there is an errata before posting here. I presume that it hasn’t been installed due to that repository being disabled, but maybe I’m mistaken?
Many security scanners are stupid about this.
Indeed. In the process of researching this I found a related KB article from Red Hat that basically said that the security scanner is not supposed to flag this.
Since it is rhel, you have a support contract, right? What do they say?
I’m positive we have a support contract, but I’ve never had to use it, so I’m not familiar with the process. I’m not one of the main linux admins here. If I can’t find the answer either here or from my own research, I’ll look into the process to open a case.
Thanks again.
Thank you, I’ve now asked my question within this same thread: https://lemmy.sdf.org/comment/1840823
Thank you, I’ve now asked my question within this same thread: https://lemmy.sdf.org/comment/1840823
Here’s my question, if anyone reading this post knows the answer: the simple version is… is it safe to enable the rhel-7-server-rhceph-4-tools-rpms repository?
To give a little more detail: old versions of modules that come from the Ceph package got flagged by our security scan. It appears that Ceph is installed by default on RHEL 7, but the repository above which I believe will update these modules, is not enabled by default. This seems odd to me, and the documentation for Ceph mentions that the EPEL repository should be disabled. It doesn’t appear that this repository is enabled, but this still made me concerned about why the Ceph repository isn’t enabled by default, hence my question.
Edit: I will try to contact Red Hat support to confirm the best course of action, like some have suggested on this thread. Thank you everyone for your help.
Edit 2: I figured out a course of action to take. The vulnerabilities were flagged for the librados2 and librbd1 packages. I used the command "rpm -q --whatrequires " to navigate the dependencies of these two packages to end at libvirt. Using the same command with libvirt, I was able to determine that no other package is dependent on it. Thus, it appears to me that I can address the issue by uninstalling all 3 packages. This seems safer and more secure than addressing the issue by enabling a new repository on the server. To be safe, I will take a snapshot of the VM before making the changes. I’ll post another update afterward.
Thanks! Yes, I have access to their community. I wasn’t sure if that was the best place to ask though. Their community software is a bit clunky, and sometimes official forums are not always the best place to ask.
I’ve thought about trying it before, but this thread is both inspiring me and giving me some info to get started (apps, etc). Is there a handy guide somewhere for a beginner that would explain some of the terminology, some of the most needed info, etc?
Good idea, after having just spent quite a while setting mine and troubleshooting them (first time samba user).
I haven’t used the tool below, but I’ve seen it be recommended. Might it be kind of what you’re looking for?
https://github.com/45Drives/cockpit-file-sharing