No announcement yet.

OpenSSH vulnerabilities in PCI scan report


  • OpenSSH vulnerabilities in PCI scan report

    How to update OpenSSH version to latest openssh-7.4p1

    PCI Scan is very big topic to explain and will require a separate article for an explanation, However, I will explain in an easy way. Basically, PCI compliance is a process where your servers are scanned for any vulnerabilities that can be exploited. The process scans all the services, packages installed their versions and Open ports status on your server. With the help of scan report system, admins can patch up the security loopholes, lock down ports and upgrade the packages to the latest version.

    One service which will always be possible reported for vulnerabilities is OpenSSH, So when you receive a PCI scan report that returns the unsupported version of OpenSSH vulnerabilities then you will have to perform an update.

    The process of OpenSSH upgrade will require root access to the server. Today we are going to show you how to update OpenSSH service to latest OpenSSH-7.4p1 version.

    After the updated version please resubmit your request for PCI scan.

    Click image for larger version  Name:	openssh-pci-scan.jpg Views:	5 Size:	71.0 KB ID:	316

    You can find the current version of OpenSSH on your server using the following command:

    -bash-4.1# rpm -qa | grep openssh
    Which shows your OpenSSH package’s version is OpenSSH-5.3p1-123.el6_9:

    You can download the updated version of OpenSSH using the following link:

    -bash-4.1# cd /usr/src
    -bash-4.1# wget
    -bash-4.1# tar -xvzf openssh-7.4p1.tar.gz
    Then, you may need to install a few things for your RPM build to work:

    yum install rpm-build gcc make wget OpenSSL-devel krb5-devel pam-devel libX11-devel xmkmf libXt-devel
    Next, run the followig commands:

    -bash-4.1# mkdir -p /root/rpmbuild/{SOURCES,SPECS}
    -bash-4.1# cp ./openssh-7.4p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
    -bash-4.1# cp openssh-7.4p1.tar.gz /root/rpmbuild/SOURCES/
    -bash-4.1# cd /root/rpmbuild/SPECS/
    Next, run the following sed commands:

    server# sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" openssh.spec
    server# sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" openssh.spec
    server# sed -i -e "s/BuildPreReq/BuildRequires/g" openssh.spec
    and build your RPM using the command:

    -bash-4.1# rpmbuild -bb OpenSSH.spec
    Now, you’ll see four RPMs.


    -bash-4.1# cd /root/rpmbuild/RPMS/x86_64/
    -bash-4.1# ls -la
    total 1524
    drwxr-xr-x 2 root root 4096 Dec 1 10:11 .
    drwxr-xr-x 3 root root 4096 Dec 1 10:11 ..
    -rw-r--r-- 1 root root 516172 Dec 1 10:11 openssh-7.4p1-1.x86_64.rpm
    -rw-r--r-- 1 root root 609468 Dec 1 10:11 openssh-clients-7.4p1-1.x86_64.rpm
    -rw-r--r-- 1 root root 16964 Dec 1 10:11 openssh-debuginfo-7.4p1-1.x86_64.rpm
    -rw-r--r-- 1 root root 387436 Dec 1 10:11 openssh-server-7.4p1-1.x86_64.rpm
    Next, go with the final install using the command:

    -bash-4.1# rpm -Uvh *.rpm
    To verify the newly installed OpenSSH version, use command"

    server# rpm -qa | grep openssh
    I hope this article helps you to upgrade OpenSSH version. Please get back to us if you have any issues.
      Posting comments is disabled.



    Latest Articles


    • Top Command
      Akash Gorane
      [COLOR=rgba(0, 0, 0, 0.9)]'top' command is used to display dynamic real-time information about running processes in the system.[/COLOR] - PID: Shows task’s unique process id. - PR: Stands for priority
      01-12-2023, 05:12 PM
    • Drupal 10 is here, here's all the new features that you will get
      The latest version of Drupal 10 is all set to release on 14 December 2022. Here are all the features that you will get after you updgrade to drupal 10
      • CKEditor
      • Symfony
      • PHP
      • Composer
      12-06-2022, 02:39 PM
    • Common Used OpenVZ Commands:
      Jayant R. Danech
      Hello Everyone,

      This article covers most commonly used OpenVZ commands that can be useful for system administrator who are using OpenVZ:

      1. To list running VPSs on the node:
      [Command ]# vzlist

      # vzlist
            CTID      NPROC STATUS    IP_ADDR         HOSTNAME
             101        112 running   xx.xx.xx.xx    
             102         54 running   xx.xx.xx.xx
      2. To list all running
      10-06-2018, 11:40 AM
    • cPanel Crash Drive Recovery
      Jayant R. Danech

      I hope this topic will be helpful for all of you..

      You have a server whose disk is crashed for some reason and you have been provided with a new disk with OS and cPanel installed on it (SDA). The old drive is attached to the disk and this will be the second disk on the server (SDB)

      Check what partition contained the data through below command:

      # fdisk -l
      Once you find the partition, you can mount it to /old_drive
      10-05-2018, 03:46 PM
    • Error Codes
      Jayant R. Danech
      Error codes and their descriptions:

      Error Code 300 [Multiple Choices]
      Description: Description:The URI refers to more than one file. The server may respond with an error message or a list of options.

      Error Code 301 [Moved Permanently]
      Description: The page has been permanently moved. The client will normally perform a redirection to the new URL. References to the old URL should be updated.

      Error Code 302 [Moved Temporarily]
      09-21-2018, 12:56 PM
    • Javascript Frameworks and Libraries to Learn in 2018
      Mangesh Thakur
      Take a quick look of projects on GitHub and you’ll realize that there are over 1 million JavaScript projects. In this article we’ll take a look at some of the JavaScript frameworks that were a big hit in 2017 and which you should try and take advantage of.

      One thing to note is that the popularity of JavaScript frameworks is ever changing. So, what might be in today may not be in tomorrow.
      Let’s begin by defining what a framework is.

      Think of a car. Every working...
      01-04-2018, 06:54 PM