阿里云ECS主机漏洞修复

  • A+
所属分类:技术文档
百度已收录

17年底,阿里云一直提示Linux主机有漏洞,碍于时间问题没去解决,趁着今晚有空就一起把它解决,下面分享下解决方法以及解决过程.

方法/步骤

一、登录阿里云控制台,【云盾 ● 态势感知】-【漏洞管理】,这里列出主机当前漏洞,根据漏洞类型进行逐一修复;下面漏洞主要关键词为NetwordManagerlibnl3wgetkernelgnltus

阿里云ECS主机漏洞修复

二、远程连接主机,【云服务器 ECS】-【实例】-【远程连接】PS:忘记远程密码可在【更多】处重置密码;

阿里云ECS主机漏洞修复

修复命令

NetwordManager

  1. yum update NetworkManager
  2. yum update NetworkManager-libnm
  3. yum update NetworkManager-team
  4. yum update NetworkManager-tui
  5. yum update NetworkManager-wifi

wget

  1. yum update wget

libnl3

  1. yum update libnl3
  2. yum update libnl3-cli

kernel

  1. yum update kernel-tools
  2. yum update kernel-tools-libs
  3. yum update python-perf

gnutls

  1. yum update gnutls

漏洞修复后重启主机,并验证漏洞修复.

阿里云ECS主机漏洞修复

常见漏洞修复命令

快速定位漏洞名方法:Ctrl+F搜索RHSA-2017:XXXX,搜索其中的XXXX即可

RHSA-2017:1365: nss security and bug fix update (Important)

软件: nss 3.21.0-17.el7

命中: nss version less than 0:3.28.4-1.2.el7_3

  1. yum update nss
  2. yum update nss-sysinit
  3. yum update nss-tools

RHSA-2017:1100: nss and nss-util security update (Critical)

软件: nss-util 3.21.0-2.2.el7_2

命中: nss-util version less than 0:3.28.4-1.0.el7_3

  1. yum update nss-util
  2. yum update nss
  3. yum update nss-sysinit
  4. yum update nss-tools

RHSA-2017:2292: gnutls security, bug fix, and enhancement update (Moderate)

软件: gnutls 3.3.24-1.el7

命中: gnutls version less than 0:3.3.26-9.el7

  1. yum update gnutls

RHSA-2017:0086: kernel security, bug fix, and enhancement update (Important)

软件: kernel-tools 3.10.0-514.el7

命中: kernel-tools version less than 0:3.10.0-514.6.1.el7

  1. yum update kernel-tools
  2. yum update kernel-tools-libs
  3. yum update python-perf

RHSA-2016:2615: bind security update (Important)

软件: bind-libs-lite 9.9.4-37.el7

命中: bind-libs-lite version less than 32:9.9.4-38.el7_3

  1. yum update bind-libs-lite
  2. yum update bind-license

RHSA-2017:1680: bind security and bug fix update (Important)

软件: bind-libs-lite 9.9.4-37.el7

命中: bind-libs-lite version less than 32:9.9.4-50.el7_3.1

  1. yum update bind-libs-lite
  2. yum update bind-license

RHSA-2017:1308: kernel security, bug fix, and enhancement update (Important)

软件: kernel-tools 3.10.0-514.el7

命中: kernel-tools version less than 0:3.10.0-514.21.1.el7

  1. yum update kernel-tools
  2. yum update kernel-tools-libs
  3. yum update python-perf

RHSA-2017:0062: bind security update (Important)

软件: bind-libs-lite 9.9.4-37.el7

命中: bind-libs-lite version less than 32:9.9.4-38.el7_3.1

  1. yum update bind-libs-lite
  2. yum update bind-license

RHSA-2017:0386: kernel security, bug fix, and enhancement update (Important)

软件: kernel-tools 3.10.0-514.el7

命中: kernel-tools version less than 0:3.10.0-514.10.2.el7

  1. yum update kernel-tools
  2. yum update kernel-tools-libs
  3. yum update python-perf

RHSA-2017:1095: bind security update (Important)

软件: bind-libs-lite 9.9.4-37.el7

命中: bind-libs-lite version less than 32:9.9.4-38.el7_3.3

  1. yum update bind-libs-lite
  2. yum update bind-license

RHSA-2017:2299: NetworkManager and libnl3 security, bug fix and enhancement update (Moderate)

软件: libnl3 3.2.28-2.el7

命中: libnl3 version less than 0:3.2.28-4.el7

  1. yum update libnl3
  2. yum update libnl3-cli
  3. yum update NetworkManager
  4. yum update NetworkManager-libnm
  5. yum update NetworkManager-team
  6. yum update NetworkManager-tui
  7. yum update NetworkManager-wifi

RHSA-2017:1615: kernel security and bug fix update (Important)

软件: kernel-tools 3.10.0-514.el7

命中: kernel-tools version less than 0:3.10.0-514.26.1.el7

  1. yum update kernel-tools
  2. yum update kernel-tools-libs
  3. yum update python-perf

RHSA-2017:1842: kernel security, bug fix, and enhancement update (Important)

软件: kernel-tools 3.10.0-514.el7

命中: kernel-tools version less than 0:3.10.0-693.el7

  1. yum update kernel-tools
  2. yum update kernel-tools-libs
  3. yum update python-perf

RHSA-2017:0933: kernel security, bug fix, and enhancement update (Important)

软件: kernel-tools 3.10.0-514.el7

命中: kernel-tools version less than 0:3.10.0-514.16.1.el7

  1. yum update kernel-tools
  2. yum update kernel-tools-libs
  3. yum update python-perf

RHSA-2017:3075: wget security update

CVE-2017-13090 高危CVE-2017-13089 高危 GNU Wget缓冲区溢出漏洞

软件: wget 1.14-15.el7

命中: wget version less than 0:1.14-15.el7_4.1

  1. yum update wget

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: