OpenSSH vulnerabilities in PCI scan report


    How to update OpenSSH version to latest openssh-7.4p1

    PCI scanning is a big topic that would need a separate article to explain in full; however, I will explain it in an easy way. Basically, PCI compliance is a process in which your servers are scanned for any vulnerabilities that can be exploited. The scan checks all the services, the installed packages and their versions, and the status of open ports on your server. With the help of the scan report, system admins can patch security loopholes, lock down ports and upgrade packages to the latest version.

    One service that is always likely to be reported for vulnerabilities is OpenSSH. When you receive a PCI scan report that flags vulnerabilities in an unsupported version of OpenSSH, you will have to perform an update.

    Upgrading OpenSSH requires root access to the server. Today we are going to show you how to update the OpenSSH service to the latest version, OpenSSH-7.4p1.

    After updating the version, please resubmit your request for a PCI scan.


    You can find the current version of OpenSSH on your server using the following command:

    Code:
    -bash-4.1# rpm -qa | grep openssh
    This shows that your OpenSSH package version is openssh-5.3p1-123.el6_9.

    You can download the updated version of OpenSSH using the following link: http://www.openssh.com/portable.html

    Code:
    -bash-4.1# cd /usr/src
    -bash-4.1# wget http://mirrors.evowise.com/pub/OpenB...h-7.4p1.tar.gz
    -bash-4.1# tar -xvzf openssh-7.4p1.tar.gz
    Then, you may need to install a few things for your RPM build to work:

    Code:
    yum install rpm-build gcc make wget openssl-devel krb5-devel pam-devel libX11-devel xmkmf libXt-devel
    Next, run the following commands:

    Code:
    -bash-4.1# mkdir -p /root/rpmbuild/{SOURCES,SPECS}
    -bash-4.1# cp ./openssh-7.4p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
    -bash-4.1# cp openssh-7.4p1.tar.gz /root/rpmbuild/SOURCES/
    -bash-4.1# cd /root/rpmbuild/SPECS/
    Next, run the following sed commands:

    Code:
    server# sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" openssh.spec
    server# sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" openssh.spec
    server# sed -i -e "s/BuildPreReq/BuildRequires/g" openssh.spec
    Then build your RPM using the command:

    Code:
    -bash-4.1# rpmbuild -bb openssh.spec
    Now, you’ll see four RPMs.

    Example:

    Code:
    -bash-4.1# cd /root/rpmbuild/RPMS/x86_64/
    -bash-4.1# ls -la
    total 1524
    drwxr-xr-x 2 root root 4096 Dec 1 10:11 .
    drwxr-xr-x 3 root root 4096 Dec 1 10:11 ..
    -rw-r--r-- 1 root root 516172 Dec 1 10:11 openssh-7.4p1-1.x86_64.rpm
    -rw-r--r-- 1 root root 609468 Dec 1 10:11 openssh-clients-7.4p1-1.x86_64.rpm
    -rw-r--r-- 1 root root 16964 Dec 1 10:11 openssh-debuginfo-7.4p1-1.x86_64.rpm
    -rw-r--r-- 1 root root 387436 Dec 1 10:11 openssh-server-7.4p1-1.x86_64.rpm
    Next, go with the final install using the command:

    Code:
    -bash-4.1# rpm -Uvh *.rpm
    To verify the newly installed OpenSSH version, use the command:

    Code:
    server# rpm -qa | grep openssh
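
Added example (not part of the original article): a POSIX shell check that turns the `rpm -qa | grep openssh` verification step into a pass/fail result by confirming that every listed openssh package is at the target version. The function names, the `TARGET` variable and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. TARGET, the function names
# and the SAMPLE_* listings are constructed for illustration.
TARGET="7.4p1"

# Print the upstream version of an RPM name-version-release string, e.g.
# "openssh-server-7.4p1-1.x86_64" -> "7.4p1".
pkg_version() {
    nvr="${1%-*}"               # drop the trailing "-release.arch"
    printf '%s\n' "${nvr##*-}"  # keep what follows the last remaining "-"
}

# Read one package name per line on stdin and report every package that is
# not at TARGET. Succeeds only if packages were listed and none is stale.
check_openssh_pkgs() {
    seen=0
    stale=0
    while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        seen=1
        ver=$(pkg_version "$pkg")
        if [ "$ver" != "$TARGET" ]; then
            printf 'STALE %s (found %s, expected %s)\n' "$pkg" "$ver" "$TARGET"
            stale=1
        fi
    done
    [ "$seen" -eq 1 ] && [ "$stale" -eq 0 ]
}

# Constructed listings in the format printed by `rpm -qa | grep openssh`.
SAMPLE_UPGRADED='openssh-7.4p1-1.x86_64
openssh-clients-7.4p1-1.x86_64
openssh-server-7.4p1-1.x86_64'
SAMPLE_PARTIAL='openssh-7.4p1-1.x86_64
openssh-clients-5.3p1-123.el6_9.x86_64
openssh-server-7.4p1-1.x86_64'

# On a real server: rpm -qa | grep openssh | check_openssh_pkgs
for sample in "$SAMPLE_UPGRADED" "$SAMPLE_PARTIAL"; do
    if printf '%s\n' "$sample" | check_openssh_pkgs; then
        echo "OK: all openssh packages are at $TARGET"
    else
        echo "FAIL: upgrade incomplete, do not request a rescan yet"
    fi
done
```

The same parsing works on the `.rpm` file names in the RPMS directory. Before restarting the service, `sshd -t` checks the existing sshd_config against the newly installed binary.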
    I hope this article helps you upgrade your OpenSSH version. Please get back to us if you have any issues.