PCI scanning is a very big topic and would need a separate article to explain properly; however, I will explain it in a simple way. Basically, PCI compliance is a process where your servers are scanned for any vulnerabilities that can be exploited. The scan checks all the services, the installed packages and their versions, and the status of open ports on your server. With the help of the scan report, system admins can patch up the security loopholes, lock down ports and upgrade the packages to the latest version.
One service that is always likely to be reported for vulnerabilities is OpenSSH. So when you receive a PCI scan report that flags an unsupported version of OpenSSH, you will have to perform an update.
Upgrading OpenSSH requires root access to the server. Today we are going to show you how to update the OpenSSH service to the latest OpenSSH-7.4p1 version.
After updating, please resubmit your request for a PCI scan.
You can find the current version of OpenSSH on your server using the following command:
Code:
-bash-4.1# rpm -qa | grep openssh
You can download the updated version of OpenSSH using the following link: http://www.openssh.com/portable.html
Code:
-bash-4.1# cd /usr/src
-bash-4.1# wget http://mirrors.evowise.com/pub/OpenBSD/OpenSSH/portable/openssh-7.4p1.tar.gz
-bash-4.1# tar -xvzf openssh-7.4p1.tar.gz
Install the packages needed to build the RPMs:
Code:
yum install rpm-build gcc make wget openssl-devel krb5-devel pam-devel libX11-devel xmkmf libXt-devel
Create the rpmbuild directories and copy the spec file and the source tarball into them:
Code:
-bash-4.1# mkdir -p /root/rpmbuild/{SOURCES,SPECS}
-bash-4.1# cp ./openssh-7.4p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
-bash-4.1# cp openssh-7.4p1.tar.gz /root/rpmbuild/SOURCES/
-bash-4.1# cd /root/rpmbuild/SPECS/
Edit the spec file to turn off the GNOME and X11 askpass builds and to replace BuildPreReq with BuildRequires:
Code:
server# sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" openssh.spec
server# sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" openssh.spec
server# sed -i -e "s/BuildPreReq/BuildRequires/g" openssh.spec
Build the RPM packages:
Code:
-bash-4.1# rpmbuild -bb openssh.spec
Example:
Code:
-bash-4.1# cd /root/rpmbuild/RPMS/x86_64/
-bash-4.1# ls -la
total 1524
drwxr-xr-x 2 root root   4096 Dec  1 10:11 .
drwxr-xr-x 3 root root   4096 Dec  1 10:11 ..
-rw-r--r-- 1 root root 516172 Dec  1 10:11 openssh-7.4p1-1.x86_64.rpm
-rw-r--r-- 1 root root 609468 Dec  1 10:11 openssh-clients-7.4p1-1.x86_64.rpm
-rw-r--r-- 1 root root  16964 Dec  1 10:11 openssh-debuginfo-7.4p1-1.x86_64.rpm
-rw-r--r-- 1 root root 387436 Dec  1 10:11 openssh-server-7.4p1-1.x86_64.rpm
Install the newly built packages:
Code:
-bash-4.1# rpm -Uvh *.rpm
Check the installed version again to confirm the upgrade:
Code:
server# rpm -qa | grep openssh
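As an added example (not part of the original guide), the version check from the first and last steps can be scripted so every installed openssh package is compared against the target version instead of read by eye. The function names and the 5.3p1 sample lines are constructed for illustration, and the version ordering assumes GNU sort -V is available.

```shell
#!/bin/sh
# Added example (not from the original post): flag installed openssh
# packages that are still below the version this guide builds.

TARGET="7.4p1"

# Constructed sample of `rpm -qa | grep openssh` output before the upgrade.
SAMPLE_BEFORE='openssh-5.3p1-118.1.el6_8.x86_64
openssh-clients-5.3p1-118.1.el6_8.x86_64
openssh-server-5.3p1-118.1.el6_8.x86_64'

# stdin: rpm -qa lines (name-version-release.arch).
# stdout: "name version" for each openssh package; other lines are dropped.
parse_openssh_pkgs() {
    sed -n -E 's/^(openssh(-[a-z][a-z0-9]*)*)-([0-9][^-]*)-[^-]+$/\1 \3/p'
}

# Succeeds when version $1 sorts strictly before version $2 (GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# stdin: rpm -qa lines; $1: required version.
# Prints every outdated openssh package; exit status 1 if any was found.
outdated_openssh() {
    parse_openssh_pkgs | (
        status=0
        while read -r name ver; do
            if version_lt "$ver" "$1"; then
                printf '%s %s is older than %s\n' "$name" "$ver" "$1"
                status=1
            fi
        done
        exit "$status"
    )
}

# Demo on the constructed sample; on a real host pipe in `rpm -qa` instead.
if printf '%s\n' "$SAMPLE_BEFORE" | outdated_openssh "$TARGET"; then
    echo "all openssh packages are at $TARGET or newer"
else
    echo "upgrade still required"
fi
```

On a server, run `rpm -qa | outdated_openssh 7.4p1` after sourcing the functions; a non-zero exit status means at least one openssh package was not upgraded.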