Apache and OpenSSL running on its EC2 instances bundled with RedHat Linux 8 are outdated, how to best resolve this
As part of the System Penetration results, customer was advised that the versions of Apache and OpenSSL running on its EC2 instances bundled with RedHat Linux 8 are outdated and need to be updated to the latest version as they are vulnerable to several security vulnerabilities that might lead to system compromise according to penetration test outcomes. However, customer's Managed Service Partner advised that these versions that come with RedHat package updates are the latest ones that are compatible with the version of RedHat Kernel, and it would not be a good idea to manually upgrade these to the mainstream versions.
The customer would like to know the best way to resolve this issue?
- 최신
- 최다 투표
- 가장 많은 댓글
I would snapshot the existing instance, spin up a new instance with that snapshot, and then upgrade the packages. Then test.
If you are behind a ALB, you could create a canary with the updated package and use weighted target groups to send a small amount of traffic to the canary.
